Google Links Redirecting

December 21, 2009 at 19:13:15
Specs: Windows Vista
I recently had fake svchosts virus on my comp, but I think I got rid of them. However, google links redirect to random sites once in a while.
Help!

#1
December 21, 2009 at 19:16:07
Rsit log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Edward at 2009-12-21 21:57:22
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 384 GB (83%) free of 462 GB
Total RAM: 3326 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:35 PM, on 21/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edward\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Edward\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Edward.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Edward\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 10238 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4192568337-3369338228-1320983221-1000.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4192568337-3369338228-1320983221-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4192568337-3369338228-1320983221-1000UA.job
C:\Windows\tasks\RtlVistaStart.job
C:\Windows\tasks\User_Feed_Synchronization-{1A6DEEA5-8C3D-454D-81B0-6411FE0B1C45}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-21 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-11-25 6691360]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2009-03-26 96816]
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2008-09-08 380928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 278016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-27 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-21 24264488]
"Google Update"=C:\Users\Edward\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-06-22 2624824]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152]
"Steam"=c:\program files\steam\steam.exe [2009-11-02 1217808]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2009-06-10 334224]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]

C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winpea.exe"="C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winpea.exe:*:Enabled:Window Proxy Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-21 21:57:23 ----DC---- C:\Program Files\trend micro
2009-12-21 21:57:22 ----D---- C:\rsit
2009-12-21 21:45:44 ----D---- C:\Users\Edward\AppData\Roaming\Apple Computer
2009-12-21 21:45:35 ----A---- C:\Windows\system32\GEARAspi.dll
2009-12-21 21:45:21 ----DC---- C:\Program Files\iPod
2009-12-21 21:45:20 ----DC---- C:\Program Files\iTunes
2009-12-21 21:45:20 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-21 21:45:12 ----DC---- C:\Program Files\Bonjour
2009-12-21 21:44:57 ----DC---- C:\Program Files\QuickTime
2009-12-21 21:44:56 ----D---- C:\ProgramData\Apple Computer
2009-12-21 21:44:44 ----DC---- C:\Program Files\Apple Software Update
2009-12-21 21:44:36 ----D---- C:\Windows\LastGood
2009-12-21 21:44:24 ----DC---- C:\Program Files\Common Files\Apple
2009-12-21 21:44:24 ----D---- C:\ProgramData\Apple
2009-12-21 17:22:25 ----A---- C:\Windows\ntbtlog.txt
2009-12-21 17:07:45 ----SHD---- C:\$RECYCLE.BIN
2009-12-21 17:06:30 ----D---- C:\Windows\temp
2009-12-21 17:06:28 ----A---- C:\ComboFix.txt
2009-12-21 16:31:45 ----A---- C:\Windows\zip.exe
2009-12-21 16:31:45 ----A---- C:\Windows\SWXCACLS.exe
2009-12-21 16:31:45 ----A---- C:\Windows\SWSC.exe
2009-12-21 16:31:45 ----A---- C:\Windows\SWREG.exe
2009-12-21 16:31:45 ----A---- C:\Windows\sed.exe
2009-12-21 16:31:45 ----A---- C:\Windows\PEV.exe
2009-12-21 16:31:45 ----A---- C:\Windows\NIRCMD.exe
2009-12-21 16:31:45 ----A---- C:\Windows\MBR.exe
2009-12-21 16:31:45 ----A---- C:\Windows\grep.exe
2009-12-21 16:31:30 ----D---- C:\Windows\ERDNT
2009-12-21 16:29:55 ----D---- C:\ComboFix
2009-12-21 16:28:30 ----D---- C:\Qoobox
2009-12-21 16:12:18 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-12-21 16:12:14 ----DC---- C:\Program Files\SUPERAntiSpyware
2009-12-21 16:12:14 ----D---- C:\Users\Edward\AppData\Roaming\SUPERAntiSpyware.com
2009-12-18 19:36:11 ----D---- C:\Users\Edward\AppData\Roaming\Malwarebytes
2009-12-18 19:36:07 ----D---- C:\ProgramData\Malwarebytes
2009-12-18 19:36:06 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-18 18:44:19 ----DC---- C:\Program Files\TrendMicro
2009-12-16 00:21:50 ----SHD---- C:\Users\Edward\AppData\Roaming\SystemProc
2009-12-16 00:21:49 ----DC---- C:\Program Files\Mozilla Firefox
2009-12-16 00:21:36 ----D---- C:\$AVG8.VAULT$
2009-12-11 21:19:35 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 21:19:33 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 22:44:39 ----A---- C:\Windows\system32\OpenCL.dll
2009-12-10 22:44:38 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-12-10 22:44:38 ----A---- C:\Windows\system32\nvoglv32.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcuvid.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcuda.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcompiler.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcod178.dll
2009-12-10 22:44:36 ----A---- C:\Windows\system32\nvcod.dll
2009-12-09 20:38:52 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 20:38:48 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 20:38:48 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\occache.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 20:38:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 20:38:47 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 20:38:47 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 20:37:49 ----A---- C:\Windows\system32\rastls.dll
2009-11-30 18:02:40 ----A---- C:\Windows\system32\xliveinstall.dll
2009-11-30 18:02:38 ----A---- C:\Windows\system32\xliveinstallhost.exe
2009-11-30 14:33:46 ----A---- C:\Windows\system32\xfcodec.dll
2009-11-26 17:59:12 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 21:21:11 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 21:21:10 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 18:32:21 ----DC---- C:\Program Files\Eraser
2009-11-24 18:32:21 ----A---- C:\Windows\system32\Erasext.dll
2009-11-24 18:32:21 ----A---- C:\Windows\system32\Eraserl.exe
2009-11-24 18:32:21 ----A---- C:\Windows\system32\Eraser.dll

======List of files/folders modified in the last 1 months======

2009-12-21 21:57:35 ----D---- C:\Windows\Prefetch
2009-12-21 21:57:23 ----DC---- C:\Program Files
2009-12-21 21:52:51 ----D---- C:\Users\Edward\AppData\Roaming\Skype
2009-12-21 21:46:26 ----D---- C:\Windows\System32
2009-12-21 21:46:26 ----D---- C:\Windows\inf
2009-12-21 21:46:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-21 21:45:47 ----SHD---- C:\Windows\Installer
2009-12-21 21:45:35 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-21 21:45:35 ----D---- C:\Windows\system32\drivers
2009-12-21 21:45:35 ----D---- C:\Windows\system32\catroot
2009-12-21 21:45:20 ----D---- C:\ProgramData
2009-12-21 21:45:05 ----DC---- C:\Program Files\Internet Explorer
2009-12-21 21:44:45 ----D---- C:\Windows\system32\Tasks
2009-12-21 21:44:36 ----D---- C:\Windows
2009-12-21 21:44:24 ----DC---- C:\Program Files\Common Files
2009-12-21 20:51:52 ----D---- C:\ProgramData\VMware
2009-12-21 20:51:49 ----D---- C:\ProgramData\NVIDIA
2009-12-21 20:51:46 ----A---- C:\Windows\system32\bscs.ini
2009-12-21 20:51:34 ----DC---- C:\Program Files\Steam
2009-12-21 20:51:14 ----DC---- C:\Program Files\lg_fwupdate
2009-12-21 20:51:13 ----A---- C:\Windows\lgfwup.ini
2009-12-21 20:50:43 ----D---- C:\Windows\tracing
2009-12-21 20:00:12 ----D---- C:\Users\Edward\AppData\Roaming\skypePM
2009-12-21 17:04:23 ----A---- C:\Windows\system.ini
2009-12-21 17:03:33 ----DC---- C:\Program Files\Cheat Engine
2009-12-21 16:52:40 ----D---- C:\Windows\AppPatch
2009-12-21 16:12:04 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-19 17:36:06 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-12-19 17:32:35 ----D---- C:\Users\Edward\AppData\Roaming\Xfire
2009-12-18 21:35:35 ----D---- C:\Windows\system32\catroot2
2009-12-18 19:56:09 ----D---- C:\Windows\tapi
2009-12-18 18:22:27 ----D---- C:\ProgramData\Xfire
2009-12-17 22:11:36 ----D---- C:\Windows\Debug
2009-12-16 09:49:19 ----DC---- C:\Program Files\PeerGuardian2
2009-12-11 21:20:36 ----D---- C:\Windows\winsxs
2009-12-10 22:46:01 ----DC---- C:\Program Files\NVIDIA Corporation
2009-12-10 22:45:42 ----DC---- C:\Program Files\AGEIA Technologies
2009-12-10 03:36:38 ----D---- C:\Windows\rescache
2009-12-10 03:22:46 ----D---- C:\Windows\system32\WDI
2009-12-10 03:18:34 ----D---- C:\Windows\system32\migration
2009-12-10 03:18:31 ----D---- C:\Windows\system32\zh-TW
2009-12-10 03:18:31 ----D---- C:\Windows\system32\en-US
2009-12-10 03:18:30 ----DC---- C:\Program Files\Windows Mail
2009-12-06 12:12:36 ----RSD---- C:\Windows\Fonts
2009-12-02 19:01:48 ----DC---- C:\Program Files\Xfire
2009-12-01 12:06:20 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 09:26:13 ----RSD---- C:\Windows\assembly
2009-11-29 08:22:23 ----DC---- C:\Program Files\Activision
2009-11-26 18:10:33 ----DC---- C:\Program Files\AVG
2009-11-26 18:09:27 ----SD---- C:\Users\Edward\AppData\Roaming\Microsoft
2009-11-26 18:09:24 ----D---- C:\ProgramData\avg8
2009-11-24 18:00:57 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-11-22 11:13:55 ----D---- C:\Windows\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-30 108552]
R1 BUFADPT;BUFADPT; \??\C:\Windows\system32\BUFADPT.SYS [2007-01-11 11008]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-09-09 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-09-09 41424]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-03-26 32304]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2009-03-26 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-03-26 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-03-26 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2009-03-26 857520]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-12-01 22448]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2008-09-08 15232]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2008-09-08 30976]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2008-12-07 17928]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-06-21 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-11 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-11-25 2243040]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-11-20 11515752]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\Windows\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
R3 PPortJoystick;Parallel Port Joystick device driver; C:\Windows\system32\drivers\PPortJoy.sys [2003-08-10 21922]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
R3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver; C:\Windows\system32\DRIVERS\u2kg54l.sys [2007-04-02 863288]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-09-09 91856]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2009-09-09 100368]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2009-03-26 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-03-26 16560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 a7k9gdbx;a7k9gdbx; C:\Windows\system32\drivers\a7k9gdbx.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 22416]
S3 catchme;catchme; \??\C:\Users\Edward\AppData\Local\Temp\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S3 DCamUSBNW802;NoteCam Pro USB PC Camera; C:\Windows\system32\DRIVERS\pcam.sys [2003-08-07 161468]
S3 DCamUSBPanas;Panasonic PCcam; C:\Windows\system32\DRIVERS\pcam.sys [2003-08-07 161468]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-07-27 47360]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-07-17 357376]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys [2008-12-22 17416]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2009-03-26 31280]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot,
1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe [2009-08-28
144672]
R2 avg8emc;AVG Free8 E-mail Scanner;
C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-30 908056]
R2 avg8wd;AVG Free8 WatchDog;
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-30
297752]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT
Corporation\BlueSoleil\BlueSoleilCS.exe [2009-02-27 850432]
R2 Bonjour Service;Bonjour Service; C:\Program
Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT
Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200;
C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 PnkBstrA;PnkBstrA;
C:\Windows\system32\PnkBstrA.exe [2009-09-05 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS);
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2007-05-13 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search
Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19
240512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;
C:\Program Files\NVIDIA Corporation\3D
Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 VMAuthdService;VMware Authorization Service;
C:\Program Files\VMware\VMware Workstation\vmware-
authd.exe [2009-03-26 113200]
R2 VMnetDHCP;VMware DHCP Service;
C:\Windows\system32\vmnetdhcp.exe [2009-03-26 326192]
R2 VMware NAT Service;VMware NAT Service;
C:\Windows\system32\vmnat.exe [2009-03-26 399920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT
Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
R3 iPod Service;iPod Service; C:\Program
Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 ATKFUSService;ATK Fast User Switch Service;
C:\Windows\system32\ATKFUSService.exe [2008-09-08
67072]
S3 AppMgmt;@appmgmts.dll,-3250;
C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service;
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_sta
te.exe [2009-03-29 31048]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118;
C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-
100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program
Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe [2005-11-14 69632]
S3 Steam Client Service;Steam Client Service; C:\Program
Files\Common Files\Steam\SteamService.exe [2009-11-06
320760]
S3 ufad-ws60;VMware Agent Service; C:\Program
Files\VMware\VMware Workstation\vmware-ufad.exe [2008-
12-01 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-
1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104;
C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101;
C:\Windows\system32\svchost.exe [2008-01-20 21504]
S4 nvsvc;NVIDIA Display Driver Service;
C:\Windows\system32\nvvsvc.exe [2009-11-20 122984]

-----------------EOF-----------------


#2
December 21, 2009 at 19:17:48
Rsit info

info.txt logfile of random's system information tool 1.06 2009-
12-21 21:57:36

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Adobe Flash Player 10 ActiveX--
>C:\Windows\system32\Macromed\Flash\uninstall_activeX.ex
e
Adobe Flash Player 10 Plugin--
>C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-
7B44-A91000000001}
Adobe Shockwave Player 11.5--
>C:\Windows\system32\Adobe\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-
45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-
C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-
4BE0-BA0B-8F495BE32033}
Ask.com Search Assistant 1.0.2-->C:\Program Files\Ask
Search Assistant\uninst.exe
ASUS Gamer OSD-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime
\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{7F88C9E5-12BD-
404F-AC6A-108BAAC9B708}\setup.exe" -l0x9 -removeonly
Atheros Communications Inc.(R) AR8121/AR8113/AR8114
Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield
Installation Information\{3108C217-BE83-42E4-AE9E-
A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -
removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe
/UNINSTALL
AVS4YOU Software Navigator 1.3-->"C:\Program
Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Battlefield 2(TM)-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime
\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{04858915-9F49-
4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime
\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{50D4CB89-AF34-
4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Deluxe Edition-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime
\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{ED50ECE9-EC54-
4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield
Heroes\uninstaller.exe" "C:\Program Files\EA
Games\Battlefield Heroes\Uninstall.xml"
BitComet 1.13-->C:\Program Files\BitComet\uninst.exe
Bluesoleil 6.4.249.0-->MsiExec.exe /X{C0A871F9-D580-4404-
9A69-A02CF3078C87}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-
3D777245C35B}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe
/X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty Modern Warfare 2-->"C:\Program
Files\Activision\Modern Warfare 2\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch--
>C:\Program Files\InstallShield Installation
Information\{8A15B7D9-908A-4EF9-BA84-
5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch--
>C:\Program Files\InstallShield Installation
Information\{931C37FC-594D-43A9-B10F-
A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Canon G.726 WMP-Decoder-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program Files\Canon\ZoomBrowser
EX\Program\MVWUninst.ini"
Canon PIXMA iP3000--
>C:\Windows\system32\CNMCP61.exe "-
PRINTERNAMECanon PIXMA iP3000" "-
HELPERDLLC:\BJPrinter\CNMWindows\Canon PIXMA
iP3000 Installer\Inst2\cnmis.dll" "-
RCDLLC:\BJPrinter\CNMWindows\Canon PIXMA iP3000
Installer\Inst2\cnmi0409.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser
EX-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program
Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.
ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program
Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX--
>"C:\Program Files\Common
Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program
Files\Canon\CameraWindow\RemoteCaptureTask
DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program Files\Canon\ZoomBrowser
EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program
Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe"
"C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program
Files\CCleaner\uninst.exe"
Cheat Engine 5.5-->"C:\Program Files\Cheat
Engine\unins000.exe"
Chinese (Simplified) Language Support-->RunDll32
advpack.dll,LaunchINFSection C:\Windows\INF\cn.inf,
Uninstall
Chinese (Traditional) Language Support-->RunDll32
advpack.dll,LaunchINFSection C:\Windows\INF\tw.inf,
Uninstall
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe"
-mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll
-game:33563143 -locale:US
Counter-Strike: Source-->C:\Program Files\Counter-Strike
Source\Uninst.exe
CPUID CPU-Z 1.51-->"C:\Program Files\CPUID\CPU-
Z\unins000.exe"
DVD Suite-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\C
tor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{1FBF6C24-C1FD-4101-A42B-
0C564F9E8E79}\setup.exe" -uninstall
DVD43 v4.4.0-->"C:\Program Files\dvd43\unins000.exe"
EasyBCD 1.7.2-->C:\Program Files\NeoSmart
Technologies\EasyBCD\uninstall.exe
EPU-4 Engine-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\C
tor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{8F66047B-1AF3-40D9-80D7-
106E2EDC2C2A}\setup.exe" -l0x9
Eraser 5.8.7-->"C:\Program Files\Eraser\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program
Files\Lavalys\EVEREST Home Edition\unins000.exe"
File Deleter version 1.0-->"C:\Program
Files\FileDeleter\unins000.exe"
GameSpy Arcade--
>C:\PROGRA~1\GAMESP~1\UNWISE.EXE
C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GOM Player-->"C:\Program
Files\GRETECH\GomPlayer\Uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HandBrake 0.9.3-->C:\Program Files\HandBrake\uninst.exe
HijackThis 2.0.2--
>"C:\Users\Edward\Documents\Downloads\HijackThis.exe"
/uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-
B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)--
>C:\Windows\system32\msiexec.exe /package {CE2CDD62-
0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+
REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)--
>C:\Windows\system32\msiexec.exe /package {CE2CDD62-
0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-
BFCD-4A54-A575-7B81A786E658} /qb+
REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-
8849A2A700D5}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-
4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-
4631-9B6C-43C48E991DE5}
LG ODD Auto Firmware Update-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\C
tor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{6179550A-3E7C-499E-BCC9-
9E8113E0A285}\Setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program
Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus!
Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)--
>"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\
hotfix.exe"
"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M
953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-
9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1--
>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET
Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe
/I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-
4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable--
>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-
AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe
/X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Search Enhancement Pack-->MsiExec.exe
/X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-
BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]--
>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-
AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)--
>MsiExec.exe /I{8A74E887-8F0F-4017-AF53-
CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)--
>MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-
FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86
8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-
8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86
9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-
9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86
9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-
21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-
CD27-46CB-8448-16D4FB29AA13}
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla
Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-
9A5E3257BD94}
NoteCam Pro USB PC Camera-->C:\Windows\pcamrm.exe
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA
Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA
Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-
81D4-D7EF397C228B}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA
Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-
ADFF-E483BF718991}
Pando Media Booster-->C:\Program Files\Pando
Networks\Media Booster\uninst.exe
Parallel Port Joystick-->C:\Windows\unvise32.exe C:\Program
Files\Parallel Port Joystick\uninstal.log
PeerGuardian 2.0-->"C:\Program
Files\PeerGuardian2\unins000.exe"
PowerDVD-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\C
tor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{6811CAA0-BF12-11D4-9EA1-
0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\C
tor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{B7A0CE06-068E-11D6-97FD-
0050BACBF861}\setup.exe" -uninstall
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-
B363A17588A2}
RAD Video Tools-->"C:\Program
Files\RADVideo\uninstall.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real
Alternative\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program
Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Sandbox-->C:\Program Files\EA GAMES\Battlefield
2\mods\sandbox\uninstall_sandbox.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-
EFC93E08BF3D}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-
AB023A9238F3}
Sun VirtualBox-->MsiExec.exe /I{CBE35521-6D78-4F6A-
97A1-018C14335287}
SUPERAntiSpyware Free Edition-->MsiExec.exe
/X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program
Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe"
steam://uninstall/440
TP-LINK Wireless Adapter Driver and Utility-->C:\Program
Files\InstallShield Installation Information\{5CAC0A4E-F179-
4229-92DB-FCA9F5BEAB7A}\setup.exe -uninst -l0x9
TreeSize Free V2.3.1-->"C:\Program Files\JAM
Software\TreeSize Free\unins000.exe"
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32
advpack.dll,LaunchINFSection
C:\Windows\INF\UltSound2.inf,Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)--
>C:\Windows\system32\msiexec.exe /package {CE2CDD62-
0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-
DC7B-3641-BFC8-87275C4F3607} /qb+
REBOOTPROMPT=""
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-
54D498CE069F}
VLC media player 0.9.9-->C:\Program
Files\VideoLAN\VLC\uninstall.exe
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-
4658-8751-9EDE1D65B3AA}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-
B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe
/I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows
Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-
4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-
935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-
891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-
97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-
3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-
A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-
49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-
4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-
7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-
4C87-9F82-9315A9B03985}
Windows Sound Schemes-->RunDll32
advpack.dll,LaunchINFSection
C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory--
>C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u
C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XviD MPEG-4 Video Codec--
>C:\Windows\system32\rundll32.exe
setupapi,InstallHinfSection Remove_XviD 132
C:\Windows\INF\xvid.inf

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: Edward-PC
Event Code: 4376
Message: Servicing has required reboot to complete the
operation of setting package KB972036(Update) into Install
Requested(Install Requested) state
Record Number: 78914
Source Name: Microsoft-Windows-Servicing
Time Written: 20090903155528.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Edward-PC
Event Code: 4376
Message: Servicing has required reboot to complete the
operation of setting package KB972036(Update) into Install
Requested(Install Requested) state
Record Number: 78910
Source Name: Microsoft-Windows-Servicing
Time Written: 20090903155528.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Edward-PC
Event Code: 4376
Message: Servicing has required reboot to complete the
operation of setting package KB972036(Update) into Install
Requested(Install Requested) state
Record Number: 78906
Source Name: Microsoft-Windows-Servicing
Time Written: 20090903155528.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Edward-PC
Event Code: 4374
Message: Windows Servicing identified that package
KB972036(Update) is not applicable for this system
Record Number: 78776
Source Name: Microsoft-Windows-Servicing
Time Written: 20090903155503.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Edward-PC
Event Code: 4374
Message: Windows Servicing identified that package
KB972036(Update) is not applicable for this system
Record Number: 78775
Source Name: Microsoft-Windows-Servicing
Time Written: 20090903155503.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Edward-PC
Event Code: 1530
Message: Windows detected your registry file is still in use
by other applications or services. The file will be unloaded
now. The applications or services that hold your registry file
may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-
4192568337-3369338228-1320983221-1000:
Process 548
(\Device\HarddiskVolume1\Windows\System32\winlogon.exe)
has opened key \REGISTRY\USER\S-1-5-21-4192568337-
3369338228-1320983221-1000
Process 2476
(\Device\HarddiskVolume1\Windows\System32\msiexec.exe)
has opened key \REGISTRY\USER\S-1-5-21-4192568337-
3369338228-1320983221-1000
Process 2476
(\Device\HarddiskVolume1\Windows\System32\msiexec.exe)
has opened key \REGISTRY\USER\S-1-5-21-4192568337-
3369338228-1320983221-
1000\Software\Microsoft\SystemCertificates\Root
Process 2476
(\Device\HarddiskVolume1\Windows\System32\msiexec.exe)
has opened key \REGISTRY\USER\S-1-5-21-4192568337-
3369338228-1320983221-
1000\Software\Microsoft\SystemCertificates\trust
Process 2476
(\Device\HarddiskVolume1\Windows\System32\msiexec.exe)
has opened key \REGISTRY\USER\S-1-5-21-4192568337-
3369338228-1320983221-
1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Record Number: 75
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090426011522.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Edward-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected
error querying for the IVssWriterCallback interface. hr =
0x80070005. This is often caused by incorrect security
settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {74775b96-4151-4658-ba76-
3d648dce5d53}
Record Number: 57
Source Name: VSS
Time Written: 20090426011326.000000-000
Event Type: Error
User:

Computer Name: Edward-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM
__InstanceModificationEvent WITHIN 60 WHERE
TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be
reactivated in namespace "//./root/CIMV2" because of error
0x80041003. Events cannot be delivered through this filter
until the problem is corrected.
Record Number: 34
Source Name: Microsoft-Windows-WMI
Time Written: 20090426010643.000000-000
Event Type: Error
User:

Computer Name: Edward-PC
Event Code: 1008
Message: The Windows Search Service is attempting to
remove the old catalog.

Record Number: 21
Source Name: Microsoft-Windows-Search
Time Written: 20090426010627.000000-000
Event Type: Warning
User:

Computer Name: 26L2233A3-09
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll.
This can occur because of system instability or a lack of
system resources.
Record Number: 12
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090426010351.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233A3-09
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233A3-09$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-
000000000000}

Process Information:
Process ID: 0x218
Process Name:
C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is
generated on the computer that was accessed.

The subject fields indicate the account on the local system
which requested the logon. This is most commonly a service
such as the Server service, or a local process such as
Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred.
The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new
logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request
originated. Workstation name is not always available and may
be left blank in some cases.

The authentication information fields provide detailed
information about this specific logon request.
- Logon GUID is a unique identifier that can be used to
correlate this event with a KDC event.
- Transited services indicate which intermediate services
have participated in this logon request.
- Package name indicates which sub-protocol was used
among the NTLM protocols.
- Key length indicates the length of the generated
session key. This will be 0 if no session key was requested.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426010124.137588-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233A3-09$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-
000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-
000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x218
Process Name:
C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an
account by explicitly specifying that account’s credentials.
This most commonly occurs in batch-type configurations
such as scheduled tasks, or when using the RUNAS
command.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426010124.137588-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x5cda6
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426010122.468378-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-
000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is
generated on the computer that was accessed.

The subject fields indicate the account on the local system
which requested the logon. This is most commonly a service
such as the Server service, or a local process such as
Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred.
The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new
logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request
originated. Workstation name is not always available and may
be left blank in some cases.

The authentication information fields provide detailed
information about this specific logon request.
- Logon GUID is a unique identifier that can be used to
correlate this event with a KDC event.
- Transited services indicate which intermediate services
have participated in this logon request.
- Package name indicates which sub-protocol was used
among the NTLM protocols.
- Key length indicates the length of the generated
session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426010121.657172-000
Event Type: Audit Success
User:

Computer Name: 26L2233A3-09
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing
subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426010121.641572-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%Syste
mRoot%\system32\wbem;C:\Program Files\IVT
Corporation\BlueSoleil\Mobile;C:\Program
Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.W
SF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23
Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp
.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-
219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"VBOX_INSTALL_PATH"=C:\Program Files\Sun\VirtualBox\
"CLASSPATH"=.;C:\Program
Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#3
December 21, 2009 at 19:39:28
I wish this forum would allow you to post HijackThis logs without a request, but for now it does not. It is against the forum rules to post HijackThis logs without a request from a helper. The post will get deleted by the moderator, so there is no use in trying to help as it would be a waste of time. You might repost, and maybe the moderator will be kind enough to only delete this thread. We are just like you: we do not make the rules, but we are supposed to follow them.

Also, when you run ComboFix without the assistance of a helper familiar with it, you run the risk of toasting the computer (even then it can happen), and you remove files that are a must to help determine the variant of the virus/spyware so an action plan can be developed.
