Autoexec.exe - Rootkit spyware/virus?

December 31, 2009 at 17:09:22
Specs: Windows XP, Pentium 4 2.4GHZ
Hello, I am currently having an issue with my PC. My "avast! Antivirus" program is detecting some kind of file that is infected by malware. The filename of the infected file is C:\autoexec.exe

Here's a picture of my avast! Warning window: http://img704.imageshack.us/img704/...

Can anyone help me with this problem?





#1
December 31, 2009 at 18:47:31
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#2
December 31, 2009 at 19:42:48
Malwarebytes log:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

12/31/2009 10:11:52 PM
mbam-log-2009-12-31 (22-11-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 6546
Time elapsed: 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\d3dx10_3532.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\d3dx10_3732.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\34625efe724 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\d3dx10_3532.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\d3dx10_3532.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\d3dx10_3532.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\d3dx10_3732.dll (Trojan.Tracur) -> Delete on reboot.

---------------------------------
---------------------------------
---------------------------------

RSIT Logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Isaac Sagoe III at 2009-12-31 22:34:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (36%) free of 153 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:00 PM, on 12/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Isaac Sagoe III\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Isaac Sagoe III.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

----

2nd RSIT log file -

info.txt logfile of random's system information tool 1.06 2009-12-31 22:35:04

======Uninstall list======

-->"C:\Program Files\Creative\SB Live! 24-bit\Program\Ctzapxx.EXE" /U /S
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x9 -uninst
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batman: Arkham Asylum-->"C:\Program Files\Steam\steam.exe" steam://uninstall/35010
Belarc Advisor 7.2-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Capoeira Fighter 3-->C:\PROGRA~1\SHOCKW~1.COM\CAPOEI~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CAPOEI~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Online Reference Guide-->C:\Program Files\epson\guide\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
gigabeat T400 Documents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D7B7609-5F9F-43B3-8709-9D8673531CA7}\Setup.exe" -l0x9 -removeonly
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Global Agenda - Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17030
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Left 4 Dead 2-->"C:\program files\steam\steam.exe" steam://uninstall/550
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mirror's Edge-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17410
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
NBA 2K10-->"C:\program files\steam\steam.exe" steam://uninstall/40920
Ninja Blade-->"C:\program files\steam\steam.exe" steam://uninstall/37010
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Nvidia Omega Drivers v2.169.21 Setup Files-->"C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe" "/U:C:\Program Files\Nvidia Omega Drivers\v2.169.21\Omega Uninstall.xml"
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{54326DF1-1A48-4CA7-9845-B4178EBE93B5}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SIW version 2009.10.22-->"C:\Program Files\SIW\unins000.exe"
SkillGround Game Manager-->rundll32 C:\WINDOWS\system32\SkillGround\SkillGround.dll,SkillGround_Execute UNINSTALL
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Jedi Knight: Jedi Academy-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6020
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Torchlight-->"C:\program files\steam\steam.exe" steam://uninstall/41500
Twin USB Vibration Gamepad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}\setup.exe" -l0x9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [WiniGuard] C:\Program Files\WiniGuard Software\WiniGuard\WiniGuard.exe -min [2009-01-15]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091231-0]

======System event log======

Computer Name: ISAAC
Event Code: 16
Message:
Record Number: 3219
Source Name: Windows Update Agent
Time Written: 20091012012208.000000-240
Event Type: error
User:

Computer Name: ISAAC
Event Code: 20
Message: Printer Driver HP LaserJet 2200 Series PCL for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPLJ2200.GPD, UNIDRV.HLP, PCL5ERES.DLL, UNIRES.DLL, hpcfont.dll, hpcstr.dll, hpcljx.hlp, hpcmacro.gpd, hpcfont.gpd, TTFSUB.GPD, STDNAMES.GPD.

Record Number: 3215
Source Name: Print
Time Written: 20091011235512.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ISAAC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3213
Source Name: Tcpip
Time Written: 20091011132408.000000-240
Event Type: warning
User:

Computer Name: ISAAC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3184
Source Name: Tcpip
Time Written: 20091011121137.000000-240
Event Type: warning
User:

Computer Name: ISAAC
Event Code: 10010
Message: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Record Number: 3181
Source Name: DCOM
Time Written: 20091011020312.000000-240
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: ISAAC
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3526, faulting module npswf32.dll, version 10.0.32.18, fault address 0x002e5b9a.

Record Number: 12592
Source Name: Application Error
Time Written: 20091019082815.000000-240
Event Type: error
User:

Computer Name: ISAAC
Event Code: 1517
Message: Windows saved user ISAAC\Isaac Sagoe III registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12477
Source Name: Userenv
Time Written: 20091016082106.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ISAAC
Event Code: 1517
Message: Windows saved user ISAAC\Isaac Sagoe III registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12388
Source Name: Userenv
Time Written: 20091013121924.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ISAAC
Event Code: 1517
Message: Windows saved user ISAAC\Isaac Sagoe III registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12305
Source Name: Userenv
Time Written: 20091011124031.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ISAAC
Event Code: 1517
Message: Windows saved user ISAAC\Isaac Sagoe III registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12234
Source Name: Userenv
Time Written: 20091009080911.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



#3
December 31, 2009 at 20:07:45
LimeWire is a p2p program that puts your computer at risk by allowing a shared folder to bypass your antivirus through an open port. That is probably how you were infected. I suggest that you uninstall it at least until the computer is cleaned.

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

(((Please download Combofix with Internet Explorer instead of Firefox.)))

Remember, your Avast antivirus, Spybot's TeaTimer, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double-click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


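The points the helper raises above (a file-sharing client allowed through the firewall, the firewall itself switched off, an outdated JRE, and an unexpected executable such as C:\autoexec.exe sitting in the drive root) can be checked mechanically against the RSIT and ComboFix output posted in this thread rather than by eye. The script below is an added example, not code from the thread, from RSIT or from ComboFix; it parses the two log formats shown here (RSIT's "Name-->uninstaller" program list and ComboFix's file lines and "Reg Loading Points" firewall section) and reports the four findings. The P2P_HINTS name list, the JRE 6 Update 17 baseline (the version the post above asks for) and the SAMPLE_* inputs are constructed assumptions that only imitate the formats seen in the thread.

```python
"""Triage helpers for RSIT / ComboFix style log lines.

Added example, not RSIT, ComboFix or the thread's own code. Assumptions (not from the page):
the P2P_HINTS list, the JRE baseline (6, 17) and the constructed SAMPLE_* inputs.
"""
import re

# Assumption: minimal substrings that identify file-sharing clients in a firewall exception list.
P2P_HINTS = ("limewire", "btdna", "bittorrent", "utorrent")

JAVA_RE = re.compile(r"^Java\(TM\)\s+(\d+)\s+Update\s+(\d+)", re.IGNORECASE)
# Executable-like file directly under a drive root, e.g. C:\autoexec.exe (one backslash after the drive).
ROOT_EXE_RE = re.compile(r"([A-Za-z]:\\[^\\\s]+\.(?:exe|com|bat|scr|vbs))$", re.IGNORECASE)


def find_java_installs(program_lines):
    """Parse RSIT 'Name-->uninstaller' lines and return (major, update) tuples of installed JREs."""
    found = []
    for line in program_lines:
        name = line.split("-->", 1)[0].strip()
        m = JAVA_RE.match(name)
        if m:
            found.append((int(m.group(1)), int(m.group(2))))
    return found


def outdated_java(program_lines, baseline=(6, 17)):
    """JRE versions older than the baseline (JRE 6 Update 17 is what the helper asks for here)."""
    return sorted(v for v in find_java_installs(program_lines) if v < baseline)


def parse_firewall_policy(combofix_lines):
    """Read the firewallpolicy section of ComboFix's 'Reg Loading Points' output.

    Returns (firewall_enabled, authorized_apps); firewall_enabled is None if the value is absent.
    """
    enabled = None
    allowed = []
    section = ""
    for raw in combofix_lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        if "firewallpolicy" not in section:
            continue
        if section.endswith("authorizedapplications\\list]"):
            m = re.match(r'^"(.+)"=', line)
            if m:
                # ComboFix doubles the backslashes in these values; undo that.
                allowed.append(m.group(1).replace("\\\\", "\\"))
        elif line.startswith('"EnableFirewall"'):
            m = re.search(r"=\s*(\d+)", line)
            if m:
                enabled = m.group(1) == "1"
    return enabled, allowed


def p2p_allowed_through_firewall(authorized_apps):
    """Firewall exceptions that belong to file-sharing clients."""
    return [p for p in authorized_apps if any(h in p.lower() for h in P2P_HINTS)]


def root_executables(combofix_lines):
    """Paths from 'Files Created' / 'Other Deletions' lines that are executables in a drive root."""
    hits = []
    for raw in combofix_lines:
        m = ROOT_EXE_RE.search(raw.strip())
        if m:
            hits.append(m.group(1))
    return hits


def triage(program_lines, combofix_text):
    """Combine the checks into one report dict."""
    lines = combofix_text.splitlines()
    enabled, allowed = parse_firewall_policy(lines)
    return {
        "outdated_java": outdated_java(program_lines),
        "firewall_enabled": enabled,
        "p2p_allowed": p2p_allowed_through_firewall(allowed),
        "root_executables": root_executables(lines),
    }


# Constructed sample imitating the RSIT installed-programs format; the GUIDs are placeholders.
SAMPLE_PROGRAMS = [
    "Java(TM) 6 Update 7-->MsiExec.exe /X{PLACEHOLDER-GUID-1}",
    "Java(TM) 6 Update 17-->MsiExec.exe /X{PLACEHOLDER-GUID-2}",
    'Winamp-->"C:\\Program Files\\Winamp\\UninstWA.exe"',
]

# Constructed sample imitating ComboFix output (file lines plus the firewall policy section).
SAMPLE_COMBOFIX = r"""
2009-12-31 05:03 . 2009-12-31 05:03 41472 ----a-w- C:\autoexec.exe
2009-12-26 23:20 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-29 15:13 . 2009-12-29 15:13 10 ----a-w- C:\confin.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROGRAMS, SAMPLE_COMBOFIX).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report on the constructed sample, or feed `triage()` the program list and ComboFix text copied from a real log. Root-level executables and a disabled firewall are flagged as findings to review, not as proof of infection; the file-sharing check is a plain substring match, so extend P2P_HINTS for clients it does not name.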

#4
December 31, 2009 at 21:34:14
Combofix log
----

ComboFix 09-12-31.07 - Isaac Sagoe III 01/01/2010 0:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -5:00]
Running from: c:\documents and settings\Isaac Sagoe III\Desktop\Guhaboo.exe
AV: avast! antivirus 4.8.1368 [VPS 091231-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Isaac Sagoe III\Application Data\02000000f9b4ef14724C.manifest
c:\documents and settings\Isaac Sagoe III\Application Data\02000000f9b4ef14724O.manifest
c:\documents and settings\Isaac Sagoe III\Application Data\02000000f9b4ef14724P.manifest
c:\documents and settings\Isaac Sagoe III\Application Data\02000000f9b4ef14724S.manifest
c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{047ff633-b725-4d0d-9365-2be705cd8c2c}
c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{047ff633-b725-4d0d-9365-2be705cd8c2c}\chrome.manifest
c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{047ff633-b725-4d0d-9365-2be705cd8c2c}\chrome\xulcache.jar
c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{047ff633-b725-4d0d-9365-2be705cd8c2c}\defaults\preferences\xulcache.js
c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{047ff633-b725-4d0d-9365-2be705cd8c2c}\install.rdf
c:\documents and settings\Isaac Sagoe III\Application Data\SystemProc
c:\documents and settings\Isaac Sagoe III\My Documents\OldReg.reg
C:\install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\0121mixed.bin
c:\windows\system32\Data
c:\windows\system32\FFq2a0Zvuc19SrY.vbs
c:\windows\system32\threat448y.bin

.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 05:20 . 2010-01-01 05:20 152576 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-01 03:34 . 2010-01-01 03:35 -------- d-----w- C:\rsit
2010-01-01 03:06 . 2010-01-01 03:06 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 05:03 . 2009-12-31 05:03 41472 ----a-w- C:\autoexec.exe
2009-12-29 15:13 . 2009-12-29 15:13 10 ----a-w- C:\confin.sys
2009-12-29 14:30 . 2009-12-29 14:30 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\IECompatCache
2009-12-26 23:20 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-26 23:20 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-26 23:20 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-26 23:20 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-26 23:20 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-26 23:20 . 2009-12-26 23:20 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-26 21:53 . 2009-12-26 21:53 -------- d-----w- C:\879e650680d6f918b811cf6fbe034931
2009-12-26 21:53 . 2009-12-26 23:39 -------- d-----w- C:\62fc4ded165176a04f725f
2009-12-26 21:53 . 2009-12-26 21:53 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-12-26 10:45 . 2009-12-26 10:45 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\2K Sports
2009-12-26 10:25 . 2009-12-26 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-26 10:25 . 2009-12-26 10:26 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-26 10:24 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-26 10:24 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-26 10:24 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-26 10:24 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-26 10:24 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-26 10:24 . 2009-12-26 10:24 -------- d-----w- C:\NVIDIA
2009-12-26 10:21 . 2009-12-26 10:21 290816 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-12-26 10:21 . 2009-12-26 10:21 290816 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-12-26 10:21 . 2009-12-26 10:21 290816 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-12-26 10:21 . 2009-12-26 10:21 290816 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-12-26 02:16 . 2009-12-26 02:16 -------- d--h--r- c:\documents and settings\Isaac Sagoe III\Application Data\SecuROM
2009-12-25 19:52 . 2009-12-25 19:52 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\runic games
2009-12-24 23:16 . 2010-01-01 05:20 79488 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-22 13:26 . 2009-12-22 13:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\scripting
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\l2schemas
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\en
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\bits
2009-12-21 14:05 . 2009-12-21 14:05 -------- d-----w- c:\program files\SIW
2009-12-21 03:40 . 2009-12-21 03:40 138240 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-21 03:40 . 2009-12-21 03:40 138240 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-21 03:40 . 2009-12-21 03:40 138240 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-21 03:40 . 2009-12-21 03:40 138240 ----a-w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-20 13:29 . 2009-12-20 13:29 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\PrivacIE
2009-12-19 08:06 . 2009-12-19 08:07 -------- d-----w- C:\1cc4aa2300d34808ac693799d0
2009-12-19 08:01 . 2009-12-19 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-19 02:46 . 2009-12-19 02:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-19 02:45 . 2009-12-19 02:45 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\IETldCache
2009-12-19 02:42 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-19 02:42 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-19 02:42 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-19 02:42 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-19 02:42 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-19 02:42 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-19 02:41 . 2009-12-20 08:00 -------- d-----w- c:\windows\ie8updates
2009-12-19 02:41 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-19 02:39 . 2009-12-19 02:41 -------- dc-h--w- c:\windows\ie8
2009-12-18 08:10 . 2009-12-18 08:10 -------- d-----w- c:\program files\MSXML 6.0
2009-12-18 08:02 . 2009-12-22 13:13 -------- d-----w- c:\windows\ServicePackFiles
2009-12-17 08:19 . 2004-08-04 03:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-12-17 08:17 . 2004-08-04 03:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-12-17 08:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-17 08:06 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-17 08:05 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-17 08:05 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-17 08:05 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-17 08:05 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-17 08:05 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-17 08:05 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-17 08:05 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-17 08:05 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-17 08:05 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-17 08:05 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-17 08:05 . 2009-08-05 01:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-17 08:05 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-17 08:04 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-17 08:04 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-17 08:04 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-17 08:03 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-17 08:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-17 08:03 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-17 08:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-17 08:02 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-17 08:00 . 2009-12-23 08:00 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 05:33 . 2009-01-06 00:47 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\DNA
2010-01-01 05:22 . 2008-12-02 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 05:21 . 2009-01-13 12:57 -------- d-----w- c:\program files\Java
2010-01-01 05:19 . 2009-01-13 12:59 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\LimeWire
2010-01-01 05:09 . 2009-02-16 04:54 -------- d-----w- c:\program files\Steam
2010-01-01 04:30 . 2009-01-13 12:56 -------- d-----w- c:\program files\LimeWire
2010-01-01 03:13 . 2009-01-06 00:47 -------- d-----w- c:\program files\DNA
2010-01-01 03:06 . 2009-01-17 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 07:13 . 2009-12-31 07:13 0 ----a-w- c:\windows\system32\715.tmp
2009-12-30 19:55 . 2009-01-17 05:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-01-17 05:27 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 21:52 . 2009-01-08 15:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 10:21 . 2009-04-20 02:32 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-26 10:21 . 2009-04-20 02:32 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab
2009-12-26 01:41 . 2008-12-02 04:25 76192 -c--a-w- c:\documents and settings\Isaac Sagoe III\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 01:39 . 2009-03-10 05:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-25 20:52 . 2009-01-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-22 13:17 . 2008-12-02 03:43 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:34 . 2008-12-03 03:03 -------- d-----w- c:\program files\Trillian
2009-12-20 18:33 . 2009-07-17 00:48 -------- d-----w- c:\program files\Winamp
2009-12-20 01:48 . 2008-12-02 04:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 20:38 . 2009-06-09 01:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 02:23 . 2009-05-04 04:06 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\IGN_DLM
2009-11-25 00:22 . 2009-11-24 23:50 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\Winamp
2009-11-24 23:54 . 2008-12-02 04:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-02 04:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-02 04:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-02 04:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-02 04:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-02 04:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-02 04:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-02 04:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-02 04:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 02:34 . 2008-12-02 04:58 592488 -c--a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-12-02 04:54 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2008-12-02 04:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-12-02 04:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-12-02 04:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2008-12-02 04:54 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-12-02 04:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-12-02 04:54 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-20 02:42 . 2008-12-02 04:14 592488 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 12:02 . 2009-11-18 13:24 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\gtk-2.0
2009-11-14 13:28 . 2009-11-14 13:28 -------- d-----w- c:\program files\GIMP-2.0
2009-11-10 23:24 . 2009-11-10 23:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 23:23 . 2009-11-10 23:19 -------- d-----w- c:\program files\Microsoft
2009-11-10 23:23 . 2009-11-10 23:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 23:23 . 2009-01-16 17:48 -------- d-----w- c:\program files\Windows Live
2009-11-10 23:23 . 2009-11-10 23:23 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 23:21 . 2009-11-10 23:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-06 15:59 . 2009-11-06 15:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 15:59 . 2009-11-06 15:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Steam"="c:\program files\steam\steam.exe" [2009-10-27 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"EPSON Stylus Photo 925"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2002-08-05 258116]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Isaac Sagoe III\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2008-12-30 256000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:31 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 ----a-w- c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\half-life\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jedi academy\\GameData\\jasp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jedi academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nba 2k10\\nba2k10.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\global agenda beta server\\Binaries\\globalagenda.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Batman_Revoker.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ninja blade\\NinjaBlade.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57860:TCP"= 57860:TCP:Pando Media Booster
"57860:UDP"= 57860:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/1/2008 11:59 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2008 11:59 PM 20560]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 00:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-688789844-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:af,56,b4,07,54,cd,5d,69,6b,ae,90,e6,4a,4a,f0,4a,36,73,11,1e,d7,
7f,b5,7d,c6,12,5b,59,ee,6a,80,47,ef,4d,64,97,d0,0f,cf,d6,40,7b,d5,29,c9,c2,\
"rkeysecu"=hex:bc,86,07,16,a0,8d,18,af,b5,f7,22,fa,d8,ba,91,c2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\wbem\wbemcomn.dll
.
Completion time: 2010-01-01 00:36:33
ComboFix-quarantined-files.txt 2010-01-01 05:36
ComboFix2.txt 2009-01-17 16:41
ComboFix3.txt 2009-01-17 06:36
ComboFix4.txt 2009-01-08 16:24

Pre-Run: 59,437,260,800 bytes free
Post-Run: 59,839,332,352 bytes free

- - End Of File - - 29167429F45C5CD07529AD071B9BDD60


#5
December 31, 2009 at 21:55:01
Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, File, Folder, Registry, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\autoexec.exe
C:\confin.sys

Folder::
C:\autoexec.exe
C:\confin.sys

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click "I Agree" to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on "Click here to export the scan results".
Save the report to your desktop so you can post it in your next reply.


#6
December 31, 2009 at 22:18:51
ComboFix Log
-------------------------

ComboFix 09-12-31.07 - Isaac Sagoe III 01/01/2010 1:05.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1432 [GMT -5:00]
Running from: c:\documents and settings\Isaac Sagoe III\Desktop\Guhaboo.exe
Command switches used :: c:\documents and settings\Isaac Sagoe III\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091231-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\autoexec.exe"
"C:\confin.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autoexec.exe
C:\confin.sys

.
((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 03:34 . 2010-01-01 03:35 -------- d-----w- C:\rsit
2009-12-29 14:30 . 2009-12-29 14:30 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\IECompatCache
2009-12-26 23:20 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-26 23:20 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-26 23:20 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-26 23:20 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-26 23:20 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-26 23:20 . 2009-12-26 23:20 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-26 21:53 . 2009-12-26 21:53 -------- d-----w- C:\879e650680d6f918b811cf6fbe034931
2009-12-26 21:53 . 2009-12-26 23:39 -------- d-----w- C:\62fc4ded165176a04f725f
2009-12-26 21:53 . 2009-12-26 21:53 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-12-26 10:45 . 2009-12-26 10:45 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\2K Sports
2009-12-26 10:25 . 2009-12-26 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-26 10:25 . 2009-12-26 10:26 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-26 10:24 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-26 10:24 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-26 10:24 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-26 10:24 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-12-26 10:24 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-26 10:24 . 2009-12-26 10:24 -------- d-----w- C:\NVIDIA
2009-12-26 02:16 . 2009-12-26 02:16 -------- d--h--r- c:\documents and settings\Isaac Sagoe III\Application Data\SecuROM
2009-12-25 19:52 . 2009-12-25 19:52 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\runic games
2009-12-22 13:26 . 2009-12-22 13:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\scripting
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\l2schemas
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\en
2009-12-22 13:15 . 2009-12-22 13:15 -------- d-----w- c:\windows\system32\bits
2009-12-21 14:05 . 2009-12-21 14:05 -------- d-----w- c:\program files\SIW
2009-12-20 13:29 . 2009-12-20 13:29 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\PrivacIE
2009-12-19 08:06 . 2009-12-19 08:07 -------- d-----w- C:\1cc4aa2300d34808ac693799d0
2009-12-19 08:01 . 2009-12-19 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-19 02:46 . 2009-12-19 02:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-19 02:45 . 2009-12-19 02:45 -------- d-sh--w- c:\documents and settings\Isaac Sagoe III\IETldCache
2009-12-19 02:42 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-19 02:42 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-19 02:42 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-19 02:42 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-19 02:42 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-19 02:42 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-19 02:41 . 2009-12-20 08:00 -------- d-----w- c:\windows\ie8updates
2009-12-19 02:41 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-19 02:39 . 2009-12-19 02:41 -------- dc-h--w- c:\windows\ie8
2009-12-18 08:10 . 2009-12-18 08:10 -------- d-----w- c:\program files\MSXML 6.0
2009-12-18 08:02 . 2009-12-22 13:13 -------- d-----w- c:\windows\ServicePackFiles
2009-12-17 08:19 . 2004-08-04 03:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-12-17 08:19 . 2004-08-04 03:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-12-17 08:17 . 2004-08-04 03:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-12-17 08:06 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-17 08:06 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-17 08:05 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-17 08:05 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-17 08:05 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-17 08:05 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-17 08:05 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-17 08:05 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-17 08:05 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-17 08:05 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-17 08:05 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-17 08:05 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-17 08:05 . 2009-08-05 01:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-17 08:05 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-17 08:04 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-17 08:04 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-17 08:04 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-17 08:03 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-17 08:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-17 08:03 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-17 08:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-17 08:02 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-17 08:00 . 2009-12-23 08:00 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 06:11 . 2009-02-16 04:54 -------- d-----w- c:\program files\Steam
2010-01-01 06:10 . 2009-01-06 00:47 -------- d-----w- c:\program files\DNA
2010-01-01 06:10 . 2009-01-06 00:47 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\DNA
2010-01-01 05:22 . 2008-12-02 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 05:21 . 2009-01-13 12:57 -------- d-----w- c:\program files\Java
2010-01-01 05:19 . 2009-01-13 12:59 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\LimeWire
2010-01-01 04:30 . 2009-01-13 12:56 -------- d-----w- c:\program files\LimeWire
2010-01-01 03:06 . 2009-01-17 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 07:13 . 2009-12-31 07:13 0 ----a-w- c:\windows\system32\715.tmp
2009-12-30 19:55 . 2009-01-17 05:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-01-17 05:27 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 21:52 . 2009-01-08 15:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 10:21 . 2009-04-20 02:32 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-26 10:21 . 2009-04-20 02:32 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\SystemRequirementsLab
2009-12-26 01:41 . 2008-12-02 04:25 76192 -c--a-w- c:\documents and settings\Isaac Sagoe III\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 01:39 . 2009-03-10 05:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-25 20:52 . 2009-01-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-22 13:17 . 2008-12-02 03:43 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:34 . 2008-12-03 03:03 -------- d-----w- c:\program files\Trillian
2009-12-20 18:33 . 2009-07-17 00:48 -------- d-----w- c:\program files\Winamp
2009-12-20 01:48 . 2008-12-02 04:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 20:38 . 2009-06-09 01:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 02:23 . 2009-05-04 04:06 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\IGN_DLM
2009-11-25 00:22 . 2009-11-24 23:50 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\Winamp
2009-11-24 23:54 . 2008-12-02 04:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-02 04:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-02 04:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-02 04:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-02 04:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-02 04:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-02 04:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-02 04:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-02 04:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 02:34 . 2008-12-02 04:58 592488 -c--a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2008-12-02 04:54 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2008-12-02 04:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2008-12-02 04:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2008-12-02 04:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2008-12-02 04:54 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2008-12-02 04:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2008-12-02 04:54 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-20 02:42 . 2008-12-02 04:14 592488 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 12:02 . 2009-11-18 13:24 -------- d-----w- c:\documents and settings\Isaac Sagoe III\Application Data\gtk-2.0
2009-11-14 13:28 . 2009-11-14 13:28 -------- d-----w- c:\program files\GIMP-2.0
2009-11-10 23:24 . 2009-11-10 23:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 23:23 . 2009-11-10 23:19 -------- d-----w- c:\program files\Microsoft
2009-11-10 23:23 . 2009-11-10 23:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 23:23 . 2009-01-16 17:48 -------- d-----w- c:\program files\Windows Live
2009-11-10 23:23 . 2009-11-10 23:23 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 23:21 . 2009-11-10 23:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-06 15:59 . 2009-11-06 15:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 15:59 . 2009-11-06 15:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Steam"="c:\program files\steam\steam.exe" [2009-10-27 1217808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"EPSON Stylus Photo 925"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2002-08-05 258116]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Isaac Sagoe III\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2008-12-30 256000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:31 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 ----a-w- c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\half-life\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\steamapps\\wangtang12\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jedi academy\\GameData\\jasp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jedi academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nba 2k10\\nba2k10.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\global agenda beta server\\Binaries\\globalagenda.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum\\Batman_Revoker.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ninja blade\\NinjaBlade.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57860:TCP"= 57860:TCP:Pando Media Booster
"57860:UDP"= 57860:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/1/2008 11:59 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2008 11:59 PM 20560]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles\l4nw5s7c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 01:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-688789844-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:af,56,b4,07,54,cd,5d,69,6b,ae,90,e6,4a,4a,f0,4a,36,73,11,1e,d7,
7f,b5,7d,c6,12,5b,59,ee,6a,80,47,ef,4d,64,97,d0,0f,cf,d6,40,7b,d5,29,c9,c2,\
"rkeysecu"=hex:bc,86,07,16,a0,8d,18,af,b5,f7,22,fa,d8,ba,91,c2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-01 01:19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 06:19
ComboFix2.txt 2010-01-01 05:36
ComboFix3.txt 2009-01-17 16:41
ComboFix4.txt 2009-01-17 06:36
ComboFix5.txt 2010-01-01 06:04

Pre-Run: 59,846,242,304 bytes free
Post-Run: 59,807,330,304 bytes free

- - End Of File - - 8438801BDC8BC2261DB3D5F3DC7DC141



#7
December 31, 2009 at 22:20:51
BitDefender Log
--------------------------

BitDefender QuickScan Beta 32-bit v0.9.8.8
------------------------------------------

Scan date: Fri Jan 01 01:23:41 2010
Machine ID: 34625EFE

No infection found.
---------------------


Processes
---------
<unsigned> Creative Service for CDROM Access 1904 C:\WINDOWS\system32\CTsvcCDA.exe
<unsigned> Creative Volume Control 1108 C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
<unsigned> EPSON Bidirectional Printer 2020 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
<unsigned> winampa.exe 2052 C:\Program Files\Winamp\winampa.exe

<verified> Ad-Aware Service 1668 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
<verified> Apple Mobile Device Service 1828 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> avast! Antivirus 840 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> avast! Antivirus 2716 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
<verified> avast! Antivirus 1756 C:\Program Files\Alwil Software\Avast4\ashServ.exe
<verified> avast! Antivirus 2828 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
<verified> avast! Antivirus 1700 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
<verified> Bonjour 1864 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> DNA 2204 C:\Program Files\DNA\btdna.exe
<verified> Firefox 880 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> iTunes 3348 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 2084 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Microsoft Search Enhancement Pack 1144 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Microsoft® Visual Studio .NET 544 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2304 C:\WINDOWS\explorer.exe
<verified> Microsoft® Windows® Operating System 3152 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 696 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 4092 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 776 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 2132 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Microsoft® Windows® Operating System 764 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 640 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 312 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1508 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1344 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1124 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1028 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 980 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1576 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 720 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 3872 C:\WINDOWS\system32\wscntfy.exe
<verified> NVIDIA Driver Helper Service, Version 195.62 948 C:\WINDOWS\system32\nvsvc32.exe
<verified> PnkBstrA.exe 684 C:\WINDOWS\system32\PnkBstrA.exe
<verified> Realtek Sound Manager 664 C:\WINDOWS\SOUNDMAN.EXE
<verified> Steam 2264 C:\program files\steam\steam.exe
<verified> Windows Live Messenger 2152 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process ashWebSv.exe (2828) connected on port 80 (HTTP) - vw-in-f101.1e100.net
Process ashWebSv.exe (2828) connected on port 80 (HTTP) - *.122.2o7.net
Process ashWebSv.exe (2828) connected on port 80 (HTTP) - a96-16-196-20.deploy.akamaitechnologies.com

Process svchost.exe (1028) listens on ports: 135 (RPC)
Process btdna.exe (2204) listens on ports: 36864


Autoruns and critical files
---------------------------
<unsigned> Creative Updreg C:\WINDOWS\UpdReg.EXE
<unsigned> Creative Volume Control C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
<unsigned> EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
<unsigned> Online Ink Purchase Utility C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
<unsigned> PRegScheduler Application C:\Documents and Settings\Isaac Sagoe III\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> winampa.exe C:\Program Files\Winamp\winampa.exe

<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> avast! Antivirus C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> DNA C:\Program Files\DNA\btdna.exe
<verified> ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
<verified> Microsoft Korean IME 2002 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> NVIDIA Compatible Windows 2000 Display driver, Ver C:\WINDOWS\system32\NvCpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<verified> Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE
<verified> Steam C:\program files\steam\steam.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
<verified> 新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> IE Tab Plug-in C:\Documents and Settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles/l4nw5s7c.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
<unsigned> Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
<unsigned> Turner Media Plugin 1.0.0.10 C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles/l4nw5s7c.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles/l4nw5s7c.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
<verified> Java Deployment Toolkit 6.0.140.8 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java(TM) Platform SE 6 U14 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java(TM) Platform SE 6 U14 c:\program files\java\jre6\bin\ssv.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft Office Live Plug-in for Firefox C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified> Microsoft Search Helper Extention c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Pando Web Installer C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
<verified> Quake Live C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Spybot - Search & Destroy c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Winamp Toolbar for Firefox Plugin Dynamic Link Lib C:\Documents and Settings\Isaac Sagoe III\Application Data\Mozilla\Firefox\Profiles/l4nw5s7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
<verified> Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
<verified> Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


Scan
----

No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.05 MB sent, 2.86 KB recvd
Scanned 1072 files and modules - 39 seconds

