Thread closed
Page 1 of 2
Showing results 1 to 10 of 14

Topic: mshta.exe connects to this site http://azxr.net/cod/srun

  1. #1
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    mshta.exe connects to this site http://azxr.net/cod/srun

    I think I have a virus. I use NOD32 but it doesn't find it, but an mshta.exe window opened trying to connect to this site: http://azxr.net/cod/srun
    but I was able to stop the connection with my firewall. I searched for the address on Google and got one hit, from a French guy who got the same problem on August 14; no one has answered him yet.
    Here are the details I get from Windows about the process


    File Version : 7.0.5730.13
    File Description : Microsoft (R) HTML Application host (mshta.exe)
    File Path : D:\WINDOWS.0\system32\mshta.exe
    Process ID : 0x15B8 (Heximal) 5560 (Decimal)

    Connection origin : local initiated
    Protocol : TCP
    Local Address : 188.126.69.***
    Local Port : 4823
    Remote Name : azxr.net
    Remote Address : 85.17.162.231
    Remote Port : 80 (HTTP - World Wide Web)

    Ethernet packet details:
    Ethernet II (Packet Length: 80)
    Destination: 00-15-17-db-ad-16
    Source: 00-ff-10-30-85-9c
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 64
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0xaa3c (Correct)
    Source: 188.126.69.***
    Destination: 85.17.162.231
    Transmission Control Protocol (TCP)
    Source port: 4823
    Destination port: 80
    Sequence number: 1868743617
    Acknowledgment number: 0
    Header length: 32
    Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Checksum: 0x34 (Correct)
    Data (0 Bytes)

    Binary dump of the packet:
    0000: 00 15 17 DB AD 16 00 FF : 10 30 85 9C 08 00 45 00 | .........0....E.
    0010: 00 34 04 3E 40 00 40 06 : 3C AA BC 7E 45 65 55 11 | .4.>@.@.<..~EeU.
    0020: A2 E7 12 D7 00 50 6F 62 : C3 C1 00 00 00 00 80 02 | .....Pob........
    0030: FA F0 34 00 00 00 02 04 : 05 B4 01 03 03 00 01 01 | ..4.............
    0040: 04 02 5D FF 1A A9 1C E9 : 96 EB 2E 46 0B 90 99 B4 | ..]........F....


    Here is my log;


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:51:40 AM, on 8/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS.0\System32\smss.exe
    D:\WINDOWS.0\system32\winlogon.exe
    D:\WINDOWS.0\system32\services.exe
    D:\WINDOWS.0\system32\lsass.exe
    D:\WINDOWS.0\system32\nvsvc32.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\System32\svchost.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS.0\eHome\ehRecvr.exe
    D:\WINDOWS.0\eHome\ehSched.exe
    D:\Program Files\ICQ6Toolbar\ICQ Service.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\system32\Tablet.exe
    D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    D:\WINDOWS.0\system32\vmnat.exe
    D:\Program Files\VMware\VMware Player\vmware-authd.exe
    D:\WINDOWS.0\system32\vmnetdhcp.exe
    D:\Program Files\DynDNS Updater\DynUpSvc.exe
    D:\WINDOWS.0\system32\dllhost.exe
    D:\WINDOWS.0\Explorer.EXE
    D:\WINDOWS.0\RTHDCPL.EXE
    D:\WINDOWS.0\system32\RUNDLL32.EXE
    D:\WINDOWS.0\system32\ctfmon.exe
    D:\Program Files\DynDNS Updater\DynTray.exe
    D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    D:\Program Files\MagicDisc\MagicDisc.exe
    D:\WINDOWS.0\System32\svchost.exe
    D:\dvbdream\winlirc-0.6.5\winlirc.exe
    D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
    D:\dvbdream\gbox\Program Files\gboxplugin\GboxControl.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Vuze\Azureus.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
    D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    D:\Program Files\OpenVPN\bin\openvpn.exe
    D:\dvbdream\gbox\Program Files\gboxplugin\gboxx86.exe
    D:\dvbdream\dvbdream.exe
    D:\WINDOWS.0\system32\mshta.exe
    D:\Program Files\Java\jre6\bin\java.exe
    D:\Program Files\Google\Chrome\Application\chrome.exe
    D:\Program Files\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe
    O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe
    O4 - Global Startup: TabUserW.exe.lnk = D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS.0\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS.0\system32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - D:\Program Files\DynDNS Updater\DynUpSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1ca38a9c5510932) (gupdate1ca38a9c5510932) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS.0\system32\Tablet.exe
    O23 - Service: ToolTipFixer - NeoSmart Technologies - D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe
    Edited by Jintan (24.08.2010 at 02:14) Reason: Neutralized malware source hyper-link
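An added example (not code from this thread or from any of the tools named in it) that decodes the firewall's "Binary dump of the packet" posted above with Python: it parses the Ethernet II, IPv4 and TCP headers, verifies both checksums, and confirms that the blocked packet is a bare SYN carrying no data. It assumes Python 3.8 or later; the dump text is copied from the post, and the field names in the result are my own.

```python
"""Decode the Sygate firewall's hex dump of the blocked mshta.exe packet."""
import struct

# The five "Binary dump of the packet" lines as posted in the thread above.
PACKET_DUMP = """
0000: 00 15 17 DB AD 16 00 FF : 10 30 85 9C 08 00 45 00 | .........0....E.
0010: 00 34 04 3E 40 00 40 06 : 3C AA BC 7E 45 65 55 11 | .4.>@.@.<..~EeU.
0020: A2 E7 12 D7 00 50 6F 62 : C3 C1 00 00 00 00 80 02 | .....Pob........
0030: FA F0 34 00 00 00 02 04 : 05 B4 01 03 03 00 01 01 | ..4.............
0040: 04 02 5D FF 1A A9 1C E9 : 96 EB 2E 46 0B 90 99 B4 | ..]........F....
"""

# TCP flag bits, least significant first (RFC 793 flags plus the ECN bits).
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def dump_to_bytes(dump: str) -> bytes:
    """Turn 'OFFSET: xx xx ... : xx xx ... | ascii' lines back into raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hex_part = line.split("|", 1)[0].split(":", 1)[1]   # drop offset and ASCII column
        out += bytes.fromhex(hex_part.replace(":", " "))    # fromhex skips whitespace
    return bytes(out)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum arithmetic: 16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode_frame(frame: bytes) -> dict:
    """Parse Ethernet II + IPv4 + TCP headers and verify both checksums."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # A header verifies when the one's complement sum over it (checksum field included) is 0xFFFF.
    ip_ok = ones_complement_sum(ip[:ihl]) == 0xFFFF
    if proto != 6:
        raise ValueError("not TCP: IP protocol %d" % proto)
    # Bytes past total_len are capture trailer, not part of the datagram.
    tcp = ip[ihl:total_len]
    (sport, dport, seq, ack, off_flags,
     _window, tcp_csum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_offset = (off_flags >> 12) * 4
    flag_bits = off_flags & 0x1FF
    # The TCP checksum also covers a pseudo-header: addresses, zero, protocol, TCP length.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    tcp_ok = ones_complement_sum(pseudo + tcp) == 0xFFFF
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "ttl": ttl, "dont_fragment": bool(flags_frag & 0x4000),
        "ip_checksum": ip_csum, "ip_checksum_ok": ip_ok,
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "tcp_header_len": data_offset,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
        "tcp_checksum": tcp_csum, "tcp_checksum_ok": tcp_ok,
        "payload_len": len(tcp) - data_offset,
    }


def verdict(fields: dict) -> str:
    """What the decoded packet tells a reviewer about how far the connection got."""
    if fields["flags"] == ["SYN"] and fields["payload_len"] == 0:
        return ("outbound SYN to %s:%d with no data: blocked at the handshake, "
                "before any HTTP request left the host"
                % (fields["dst_ip"], fields["dst_port"]))
    return "segment carries data or is mid-connection: inspect the payload"


if __name__ == "__main__":
    fields = decode_frame(dump_to_bytes(PACKET_DUMP))
    for key, value in fields.items():
        print("%-16s %s" % (key, hex(value) if key.endswith("checksum") else value))
    print(verdict(fields))
```

The firewall prints the checksums in host byte order (0xaa3c and 0x34); on the wire they are the bytes 3C AA and 34 00, and both verify correctly.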

  2. #2
    Moderator, Team Member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    Welcome to HijackThis.de hgokuh,

    The only item showing here that can be seen as malware is the ICQ Toolbar installed there (see here). You should be able to uninstall it through Add/Remove Programs.

    I did try to access that website you posted on, but with the secure setup I have at hand, I could not get in. The IP address of the website leads to this info, which suggests the presence of some form of malware downloader there.


    Let's go ahead and do a bit more checking. I see by a web search that you have opened this request in at least one other forum. To avoid crossed repair suggestions, and duplication of malware removal helpers' efforts and time, you need to select one help site, then post in the other forum threads that you are already receiving help elsewhere.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If RSIT downloads/installs HijackThis be sure to agree to the install of that.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

    --------------

    Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    -------------

    Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

    Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

    cd\
    mbr.exe -t


    Then type exit and press Enter to close the command window.

    The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.
    Live the day!

    Jintan - The brand that gets everything right!

  3. #3
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    Thanks a lot for your answer, I will follow your instructions and post my log again. I did post this on another site a few days ago, but no one answered; that's why I did it again here.

  4. #4
    Moderator, Team Member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    Do be sure to post in the other forum's thread that you are already receiving help. But post the logs when ready, and let's see what all is on your system.

  5. #5
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    New HijackThis log and a new thing going on. I got this once before but didn't make much of it: it is a window that says Dial-up Connection, and I checked what it was and it was jushed.exe. I have heard of people using Java to infect computers; might this be the case?
    Also, Gmer freezes the computer, first when it was checking devices, so I removed that, and then after over 8 hours it froze on files, and I didn't use the computer or have any programs open. So I ran it again without devices and files; I'm also posting the log.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:01:05 AM, on 8/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS.0\System32\smss.exe
    D:\WINDOWS.0\system32\winlogon.exe
    D:\WINDOWS.0\system32\services.exe
    D:\WINDOWS.0\system32\lsass.exe
    D:\WINDOWS.0\system32\nvsvc32.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\System32\svchost.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\WINDOWS.0\system32\spoolsv.exe
    D:\WINDOWS.0\Explorer.EXE
    D:\WINDOWS.0\RTHDCPL.EXE
    D:\WINDOWS.0\system32\RUNDLL32.EXE
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS.0\system32\ctfmon.exe
    D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    D:\Program Files\MagicDisc\MagicDisc.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS.0\eHome\ehRecvr.exe
    D:\WINDOWS.0\eHome\ehSched.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\system32\Tablet.exe
    D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    D:\WINDOWS.0\system32\vmnat.exe
    D:\Program Files\VMware\VMware Player\vmware-authd.exe
    D:\WINDOWS.0\system32\vmnetdhcp.exe
    D:\WINDOWS.0\system32\dllhost.exe
    D:\WINDOWS.0\system32\wscntfy.exe
    D:\WINDOWS.0\system32\rundll32.exe
    D:\WINDOWS.0\system32\wuauclt.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe
    O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe
    O4 - Global Startup: TabUserW.exe.lnk = D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS.0\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS.0\system32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - D:\Program Files\DynDNS Updater\DynUpSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1ca38a9c5510932) (gupdate1ca38a9c5510932) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS.0\system32\Tablet.exe
    O23 - Service: ToolTipFixer - NeoSmart Technologies - D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe

    --
    End of file - 10505 bytes

  6. #6
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-25 09:49:57
    Windows 5.1.2600 Service Pack 3
    Running: z9hkuvob.exe; Driver: D:\DOCUME~1\FWALLM~1\LOCALS~1\Temp\awrdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xB82BAB30]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xB82BA6F0]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xB82BA470]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xB82BAC50]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xB82BA990]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xB82BA8D0]
    SSDT \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xB82BAD60]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text D:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7210380, 0x3DF545, 0xE8000020]
    .text tcpip.sys!IPTransmit + 10FC B3377D3A 6 Bytes CALL B7DE0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text tcpip.sys!IPTransmit + 2A52 B3379690 6 Bytes CALL B7DE0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text tcpip.sys!IPRegisterProtocol + 930 B338F454 6 Bytes CALL B7DE0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text wanarp.sys B82CD3FD 4 Bytes CALL B7DE0FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text wanarp.sys B82CD402 2 Bytes [90, 90] {NOP ; NOP }

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7DE18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7DE1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7DE1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7DE1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT D:\WINDOWS.0\Explorer.EXE[1020] @ D:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] D:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

  7. #7
    Moderator Team Member
    Registered since
    25.11.2006
    Posts
    5.602

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    The mbr.exe results look okay. I still need to see the two RSIT logs when you complete them. In addition to those, I would like you to "fish" for the source of this web page redirect.


    Click here to download Bobbi Flekman's Regsearch.zip to your desktop. Then unzip that, and click on the regsearch.exe to run the tool. In the display panel, copy and paste the following into the upper box:

    azxr.net

    Then click Okay. Once the scan completes a textbox will open - copy/paste those contents back here please (the RegSearch.txt log can also be found in the same location as the regsearch.exe file you clicked).
    Live the day!

    Jintan - the brand where everything is right!
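A PowerShell equivalent of the registry search the moderator asks for, added here as an example; it is not the Regsearch tool itself. It assumes an elevated PowerShell on the affected machine, and like the Registry Search 2.0 log it looks at key names, value names and value data under HKEY_LOCAL_MACHINE and HKEY_USERS.

```powershell
# Added example: a PowerShell stand-in for the Regsearch step in the thread
# (not the Regsearch tool itself). Searches key names, value names and value
# data under HKEY_LOCAL_MACHINE and HKEY_USERS for a literal string, which is
# what the Registry Search 2.0 log header says that tool covers.
# Assumption: run from an elevated PowerShell on the affected machine.

function Find-RegistryString {
    param(
        [Parameter(Mandatory)] [string] $Pattern,
        [string[]] $Roots = @('HKLM:\', 'Registry::HKEY_USERS')
    )
    # Escape so the dot in 'azxr.net' is matched literally, not as regex "any character"
    $rx = [regex]::Escape($Pattern)

    foreach ($root in $Roots) {
        # Keys the current account cannot open (e.g. SAM, SECURITY) are skipped silently
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $rx) {
                [pscustomobject]@{ Match = 'KeyName'; Key = $key.Name; ValueName = ''; Data = '' }
            }
            foreach ($name in $key.GetValueNames()) {
                $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                # REG_BINARY can hide a UTF-16 or ANSI string; try both decodings
                $text = if ($raw -is [byte[]]) {
                    [System.Text.Encoding]::Unicode.GetString($raw) + "`n" + [System.Text.Encoding]::ASCII.GetString($raw)
                } else { "$raw" }   # REG_MULTI_SZ arrays are joined by spaces here
                if ($name -match $rx) {
                    [pscustomobject]@{ Match = 'ValueName'; Key = $key.Name; ValueName = $name; Data = $text }
                } elseif ($text -match $rx) {
                    [pscustomobject]@{ Match = 'ValueData'; Key = $key.Name; ValueName = $name; Data = $text }
                }
            }
        }
    }
}

# The string the moderator asked to search for; an empty result is what the Regsearch log in post #8 shows
$hits = @(Find-RegistryString -Pattern 'azxr.net')
if ($hits.Count -eq 0) { "No registry key, value name or value data contains 'azxr.net'" }
else { $hits | Format-Table -AutoSize }
```

HKEY_CURRENT_USER is a view of one subtree of HKEY_USERS, so searching HKEY_USERS covers the logged-on user's hive as well as the other loaded profiles.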

  8. #8
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.6.0

    ; Results at 8/26/2010 4:14:19 PM for strings:
    ; 'azxr.net'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    ; End Of The Log...

  9. #9
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: mshta.exe connects to this site http://azxr.net/cod/srun

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by fw at 2010-08-26 16:18:15
    Microsoft Windows XP Professional Service Pack 3
    System drive D: has 21 GB (5%) free of 382 GB
    Total RAM: 3583 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:18:24 PM, on 8/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS.0\System32\smss.exe
    D:\WINDOWS.0\system32\winlogon.exe
    D:\WINDOWS.0\system32\services.exe
    D:\WINDOWS.0\system32\lsass.exe
    D:\WINDOWS.0\system32\nvsvc32.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\System32\svchost.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\system32\spoolsv.exe
    D:\WINDOWS.0\eHome\ehRecvr.exe
    D:\WINDOWS.0\eHome\ehSched.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS.0\system32\svchost.exe
    D:\WINDOWS.0\system32\Tablet.exe
    D:\Program Files\DynDNS Updater\DynUpSvc.exe
    D:\WINDOWS.0\system32\dllhost.exe
    D:\WINDOWS.0\Explorer.EXE
    D:\WINDOWS.0\RTHDCPL.EXE
    D:\WINDOWS.0\system32\RUNDLL32.EXE
    D:\Program Files\Eset\nod32kui.exe
    D:\WINDOWS.0\system32\ctfmon.exe
    D:\Program Files\DynDNS Updater\DynTray.exe
    D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    D:\Program Files\MagicDisc\MagicDisc.exe
    D:\WINDOWS.0\System32\svchost.exe
    D:\dvbdream\winlirc-0.6.5\winlirc.exe
    D:\dvbdream\gbox\Program Files\gboxplugin\GboxControl.exe
    D:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\Program Files\Vuze\Azureus.exe
    D:\dvbdream\gbox\Program Files\gboxplugin\gboxx86.exe
    D:\Program Files\OpenVPN\bin\openvpn.exe
    D:\Program Files\Java\jre6\bin\java.exe
    D:\Documents and Settings\fw\Desktop\RSIT.exe
    C:\fw.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] D:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe
    O4 - Global Startup: TabUserW.exe.lnk = D:\WINDOWS.0\system32\WTablet\TabUserW.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS.0\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS.0\system32\browseui.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - D:\Program Files\DynDNS Updater\DynUpSvc.exe
    O23 - Service: Google Update Service (gupdate1ca38a9c5510932) (gupdate1ca38a9c5510932) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - D:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS.0\system32\Tablet.exe

    --
    End of file - 8510 bytes

    ======Scheduled tasks folder======

    D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
    D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll [2009-09-18 329312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
    {855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=D:\WINDOWS.0\RTHDCPL.EXE [2008-04-10 16861184]
    "Alcmtr"=D:\WINDOWS.0\ALCMTR.EXE [2005-05-03 69632]
    "nwiz"=D:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
    "NvCplDaemon"=D:\WINDOWS.0\system32\NvCpl.dll [2009-08-17 13877248]
    "NvMediaCenter"=D:\WINDOWS.0\system32\NvMcTray.dll [2009-08-17 86016]
    ""= []
    "nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-10-04 949376]
    "QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=D:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=D:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10h_Plugin.exe [2010-06-18 231888]

    D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
    DynDNS Updater Tray Icon.lnk - D:\Program Files\DynDNS Updater\DynTray.exe
    TabUserW.exe.lnk - D:\WINDOWS.0\system32\WTablet\TabUserW.exe

    D:\Documents and Settings\fw\Start Menu\Programs\Startup
    MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS.0\system32\WgaLogon.dll [2008-11-23 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-11-23 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=D:\WINDOWS.0\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=D:\WINDOWS.0\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoToolbarCustomize"=0
    "NoBandCustomize"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    "NoDriveTypeAutoRun"=255

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\DriveTheLife\DriveTheLife.exe"="D:\Program Files\DriveTheLife\DriveTheLife.exe:*:Enabled:DriveTheLife"
    "D:\dvbdream\gbox\Program Files\gboxplugin\gboxx86.exe"="D:\dvbdream\gbox\Program Files\gboxplugin\gboxx86.exe:*:Enabled:gboxx86"
    "C:\ProgDVB\winlirc-0.6.5\winlirc.exe"="C:\ProgDVB\winlirc-0.6.5\winlirc.exe:*:Enabled:winlirc"
    "D:\dvbdream\winlirc-0.6.5\winlirc.exe"="D:\dvbdream\winlirc-0.6.5\winlirc.exe:*:Enabled:winlirc"
    "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "D:\WINDOWS.0\system32\drivers\svchost.exe"="D:\WINDOWS.0\system32\drivers\svchost.exe:*:Disabled:??????????????g"
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\dcc295\DCC.exe"="C:\dcc295\DCC.exe:*:Enabled:Dreambox Control Center"
    "D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
    "D:\Documents and Settings\fw\temp\TeamViewer\Version4\TeamViewer.exe"="D:\Documents and Settings\fw\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
    "D:\Program Files\TechniSat DVB\bin\Server4PC.exe"="D:\Program Files\TechniSat DVB\bin\Server4PC.exe:*:Enabled:Server4PC"
    "F:\fsetup.exe"="F:\fsetup.exe:*:Enabled:AVM FSetup Application"
    "D:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe"="D:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe:*:Disabled:ConvertXtoDVD 4"
    "D:\Program Files\HDD Regenerator\HDD Regenerator.exe"="D:\Program Files\HDD Regenerator\HDD Regenerator.exe:*:Disabled:HDD Regenerator"
    "D:\Program Files\Hard Disk Sentinel\HDSentinel.exe"="D:\Program Files\Hard Disk Sentinel\HDSentinel.exe:*:Disabled:Hard Disk Sentinel"
    "D:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="D:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
    "D:\Program Files\Vuze\Azureus.exe"="D:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
    "D:\Program Files\OpenVPN\bin\openvpn.exe"="D:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
    "D:\WINDOWS.0\system32\lsass.exe"="D:\WINDOWS.0\system32\lsass.exe:LocalSubNet:Enabled:lsass.exe"
    "D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
    "D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
    "D:\Program Files\Google\Chrome\Application\chrome.exe"="D:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
    "D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Disabled:aolload.exe"
    "D:\Program Files\WebMoney\WebMoney.exe"="D:\Program Files\WebMoney\WebMoney.exe:*:Disabled:WebMoney Keeper Classic Runner Module"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
    "D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

    ======File associations======

    .js - open - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 3 months======

    2010-08-25 10:32:56 ----SHD---- D:\Config.Msi
    2010-08-25 09:55:28 ----A---- D:\mbr.exe
    2010-08-24 21:45:28 ----D---- D:\rsit
    2010-08-24 19:26:16 ----D---- D:\Documents and Settings\fw\Application Data\565632576E009869B0BCC8E43FCB7AC6
    2010-08-09 20:29:56 ----D---- D:\Program Files\COMODO
    2010-08-09 20:27:10 ----D---- D:\WINDOWS.0\Internet Logs(2)
    2010-08-07 16:28:00 ----D---- D:\Documents and Settings\fw\Application Data\CheckPoint
    2010-08-07 16:26:42 ----D---- D:\Program Files\CheckPoint
    2010-08-05 04:55:31 ----D---- D:\Program Files\Veetle
    2010-08-05 00:40:20 ----D---- D:\Documents and Settings\fw\Application Data\SYNCING.NET for Outlook
    2010-08-04 23:21:19 ----SHD---- D:\WINDOWS.0\CSC
    2010-08-04 21:39:37 ----A---- D:\WINDOWS.0\ntbtlog.txt
    2010-07-30 18:53:48 ----D---- D:\Program Files\ICQ6Toolbar
    2010-07-30 18:53:33 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\ICQ
    2010-07-30 18:53:02 ----D---- D:\Documents and Settings\fw\Application Data\ICQ
    2010-07-30 18:52:53 ----D---- D:\Program Files\ICQ7.2
    2010-07-29 01:19:29 ----D---- D:\Documents and Settings\fw\Application Data\Malwarebytes
    2010-07-29 01:19:21 ----A---- D:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
    2010-07-29 01:19:20 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
    2010-07-29 01:19:20 ----A---- D:\WINDOWS.0\system32\drivers\mbam.sys
    2010-07-29 01:19:19 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
    2010-07-29 00:29:18 ----ASH---- D:\pagefile.sys
    2010-07-18 19:08:52 ----D---- D:\Documents and Settings\fw\Application Data\VMware
    2010-07-18 18:09:41 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\VMware
    2010-07-18 01:43:27 ----D---- D:\Documents and Settings\fw\Application Data\Download Manager
    2010-07-17 17:40:22 ----A---- D:\WINDOWS.0\system32\drivers\pavboot.sys
    2010-07-17 17:38:56 ----D---- D:\Program Files\Panda Security
    2010-07-09 16:25:01 ----D---- D:\WINDOWS.0\Wordlist Wizard
    2010-07-09 16:25:01 ----D---- D:\Program Files\Wordlist Wizard
    2010-07-08 11:59:59 ----D---- D:\Program Files\avmwlanstick
    2010-07-08 11:59:57 ----A---- D:\WINDOWS.0\system32\drivers\fwlanusb.sys
    2010-07-08 11:59:56 ----D---- D:\WINDOWS.0\AVM_Driver
    2010-07-08 11:59:56 ----A---- D:\WINDOWS.0\system32\avmcowlan.dll
    2010-07-08 11:59:56 ----A---- D:\WINDOWS.0\system32\avmadd32.dll
    2010-07-05 11:45:44 ----A---- D:\WINDOWS.0\system32\drivers\wg6n.sys
    2010-07-05 11:45:43 ----A---- D:\WINDOWS.0\system32\drivers\wg5n.sys
    2010-07-05 11:45:42 ----A---- D:\WINDOWS.0\system32\drivers\wg4n.sys
    2010-07-05 11:45:42 ----A---- D:\WINDOWS.0\system32\drivers\wg3n.sys
    2010-07-05 11:45:41 ----A---- D:\WINDOWS.0\system32\drivers\Teefer.sys
    2010-07-05 11:45:40 ----A---- D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys
    2010-07-05 11:45:36 ----A---- D:\WINDOWS.0\system32\SSSensor.dll
    2010-07-05 11:45:30 ----D---- D:\Program Files\Sygate
    2010-07-05 00:24:39 ----A---- D:\WINDOWS.0\system32\ForceBindIP-Uninstaller.exe
    2010-07-04 23:41:16 ----D---- D:\Program Files\OpenVPN2
    2010-07-04 21:57:42 ----D---- D:\Program Files\Zattoo4
    2010-07-04 21:43:38 ----D---- D:\Program Files\Tap0901
    2010-06-25 23:20:40 ----D---- D:\Documents and Settings\fw\Application Data\RealHideIP
    2010-06-25 23:20:40 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\RealHideIP
    2010-06-25 12:04:42 ----D---- D:\Program Files\Hensence.com
    2010-06-19 04:00:39 ----D---- D:\Program Files\WMCap
    2010-06-12 23:52:07 ----D---- D:\Program Files\OpenVPN
    2010-06-02 16:17:28 ----D---- D:\Documents and Settings\fw\Application Data\AutoHideIP
    2010-06-02 16:17:28 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\AutoHideIP

    ======List of files/folders modified in the last 3 months======

    2010-08-26 16:17:20 ----D---- D:\Documents and Settings\fw\Application Data\Azureus
    2010-08-26 16:13:16 ----D---- D:\WINDOWS.0\Prefetch
    2010-08-26 15:34:51 ----D---- D:\WINDOWS.0\Temp
    2010-08-26 12:48:00 ----A---- D:\WINDOWS.0\SchedLgU.Txt
    2010-08-25 23:14:31 ----D---- D:\Documents and Settings\fw\Application Data\vlc
    2010-08-25 11:05:16 ----D---- D:\Program Files\Mozilla Firefox
    2010-08-25 11:01:00 ----D---- D:\WINDOWS.0\system32\drivers
    2010-08-25 10:44:00 ----D---- D:\WINDOWS.0\Registration
    2010-08-25 10:43:51 ----D---- D:\WINDOWS.0\system32
    2010-08-25 10:43:50 ----D---- D:\WINDOWS.0
    2010-08-25 10:41:05 ----D---- D:\Program Files\WBFS
    2010-08-25 10:35:56 ----D---- D:\WINDOWS.0\WinSxS
    2010-08-25 10:34:39 ----RD---- D:\Program Files
    2010-08-25 10:34:34 ----D---- D:\Program Files\Common Files
    2010-08-25 10:33:36 ----HD---- D:\WINDOWS.0\inf
    2010-08-25 10:33:10 ----D---- D:\WINDOWS.0\system32\CatRoot2
    2010-08-25 10:32:54 ----SHD---- D:\WINDOWS.0\Installer
    2010-08-25 00:51:58 ----D---- D:\WINDOWS.0\Minidump
    2010-08-24 21:56:52 ----A---- D:\WINDOWS.0\EurekaLog.ini
    2010-08-24 19:57:06 ----D---- D:\Documents and Settings\fw\Application Data\Adobe
    2010-08-24 14:35:20 ----D---- D:\WINDOWS.0\Debug
    2010-08-24 00:25:05 ----A---- D:\WINDOWS.0\NeroDigital.ini
    2010-08-22 23:09:11 ----RSHDC---- D:\WINDOWS.0\system32\dllcache
    2010-08-14 02:01:38 ----DC---- D:\WINDOWS.0\system32\DRVSTORE
    2010-08-09 22:01:12 ----D---- D:\WINDOWS.0\system32\config
    2010-08-09 22:00:45 ----D---- D:\WINDOWS.0\system32\wbem
    2010-08-06 22:17:13 ----A---- D:\WINDOWS.0\win.ini
    2010-08-06 17:56:14 ----A---- D:\WINDOWS.0\system.ini
    2010-08-05 00:49:00 ----AD---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
    2010-08-04 22:26:17 ----SHD---- D:\RECYCLER
    2010-07-30 18:53:42 ----HD---- D:\Program Files\InstallShield Installation Information
    2010-07-30 12:56:54 ----D---- D:\dvbdream
    2010-07-29 00:41:43 ----D---- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
    2010-07-25 05:21:18 ----D---- D:\Program Files\Replay Media Catcher
    2010-07-25 03:55:39 ----A---- D:\WINDOWS.0\system32\rmc_rtspdl.dll
    2010-07-25 03:55:39 ----A---- D:\WINDOWS.0\system32\rmc_fixasf.exe
    2010-07-25 03:55:28 ----A---- D:\WINDOWS.0\system32\AUDIOGENIE2.DLL
    2010-07-18 18:10:16 ----A---- D:\WINDOWS.0\system32\PerfStringBackup.INI
    2010-07-18 02:04:59 ----D---- D:\Movies
    2010-07-16 10:47:18 ----D---- D:\Software
    2010-07-15 01:11:02 ----D---- D:\WINDOWS.0\system32\ReinstallBackups
    2010-07-14 13:26:42 ----D---- D:\Documents and Settings
    2010-07-05 11:45:04 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
    2010-06-20 00:39:49 ----D---- D:\Series
    2010-06-16 02:33:14 ----D---- D:\Program Files\Vuze
    2010-06-09 15:19:15 ----D---- D:\Documents and Settings\fw\Application Data\Vso
    2010-05-28 09:06:46 ----SD---- D:\WINDOWS.0\Tasks

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; D:\WINDOWS.0\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
    R0 pavboot;pavboot; D:\WINDOWS.0\system32\drivers\pavboot.sys [2009-06-30 28552]
    R0 PenClass;Pen Class; D:\WINDOWS.0\system32\Drivers\PenClass.sys [2005-11-30 8138]
    R0 PxHelp20;PxHelp20; D:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2008-10-08 43872]
    R0 Teefer;Teefer for NT; D:\WINDOWS.0\SYSTEM32\Drivers\Teefer.sys [2004-10-15 60496]
    R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2008-11-23 77568]
    R1 intelppm;Intel Processor Driver; D:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 nod32drv;nod32drv; D:\WINDOWS.0\system32\drivers\nod32drv.sys [2009-10-04 15424]
    R1 nvport;NVIDIA PORT IO Control Driver; \??\D:\WINDOWS.0\system32\Drivers\nvport.sys []
    R1 wpsdrvnt;wpsdrvnt; \??\D:\WINDOWS.0\system32\drivers\wpsdrvnt.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 AMON;AMON; D:\WINDOWS.0\system32\drivers\amon.sys [2009-10-04 512096]
    R2 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS.0\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
    R2 wg3n;SyGate for NT, wg3n; D:\WINDOWS.0\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
    R3 AnyDVD;AnyDVD; D:\WINDOWS.0\System32\Drivers\AnyDVD.sys [2006-02-25 19200]
    R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-12-15 60800]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS.0\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
    R3 mouhid;Mouse HID Driver; D:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2008-12-15 12160]
    R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS.0\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
    R3 NIC1394;1394 Net Driver; D:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-12-15 61824]
    R3 nv;nv; D:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
    R3 pcouffin;VSO Software pcouffin; D:\WINDOWS.0\System32\Drivers\pcouffin.sys [2010-02-24 47360]
    R3 pfc;Padus ASPI Shell; D:\WINDOWS.0\system32\drivers\pfc.sys [2006-03-29 9856]
    R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; D:\WINDOWS.0\system32\DRIVERS\rt2870.sys [2008-12-06 644096]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
    R3 SKYNET;TechniSat DVB-PC TV Star PCI; D:\WINDOWS.0\system32\DRIVERS\SkyNET.SYS [2009-09-11 507408]
    R3 tap0901;TAP-Win32 Adapter V9; D:\WINDOWS.0\system32\DRIVERS\tap0901.sys [2009-11-20 25984]
    R3 usbscan;USB Scanner Driver; D:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    R3 usbstor;USB Mass Storage Driver; D:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 DCamUSBEMPIA;USB 2860 Video; D:\WINDOWS.0\system32\DRIVERS\emDevice.sys [2004-08-17 112525]
    S3 FiltUSBEMPIA;USB Device Lower Filter; D:\WINDOWS.0\system32\DRIVERS\emFilter.sys [2004-11-04 19328]
    S3 FWLANUSB;AVM FRITZ!WLAN; D:\WINDOWS.0\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; D:\WINDOWS.0\system32\DRIVERS\emScan.sys [2004-08-12 4857]
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; D:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbvideo;USB Video Device (WDM); D:\WINDOWS.0\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; D:\WINDOWS.0\system32\DRIVERS\vmnetadapter.sys []
    S3 WpdUsb;WpdUsb; D:\WINDOWS.0\system32\DRIVERS\wpdusb.sys [2008-11-23 38528]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2008-11-23 82944]
    S4 vsdatant;vsdatant; D:\WINDOWS.0\system32\drivers\vsdatant.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 DynDNS Updater;DynDNS Updater; D:\Program Files\DynDNS Updater\DynUpSvc.exe [2009-09-28 99704]
    R2 ehRecvr;Media Center Receiver Service; D:\WINDOWS.0\eHome\ehRecvr.exe [2005-08-05 235520]
    R2 ehSched;Media Center Scheduler Service; D:\WINDOWS.0\eHome\ehSched.exe [2005-08-05 102912]
    R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 McrdSvc;Media Center Extender Service; D:\WINDOWS.0\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-10-04 552064]
    R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS.0\system32\nvsvc32.exe [2009-08-17 168004]
    R2 SmcService;Sygate Personal Firewall; D:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
    R2 TabletService;TabletService; D:\WINDOWS.0\system32\Tablet.exe [2005-12-06 753664]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
    S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    S2 gupdate1ca38a9c5510932;Google Update Service (gupdate1ca38a9c5510932); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; D:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 OpenVPNService;OpenVPN Service; D:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-01-12 36352]
    S3 SwitchBoard;SwitchBoard; D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 ASKService;ASKService; D:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
    S4 ASKUpgrade;ASKUpgrade; D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
    S4 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-17 654848]
    S4 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S4 ToolTipFixer;ToolTipFixer; D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [2008-10-14 61952]

    -----------------EOF-----------------
    Last edited by hgokuh (26.08.2010 at 22:46)

  10. #10
    Beginner
    Registered since
    22.08.2010
    Posts
    9

    Re: Re: Re: mshta.exe connects to this site http://azxr.net/cod/srun

    info.txt logfile of random's system information tool 1.08 2010-08-24 21:46:03

    ======Uninstall list======

    -->D:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->D:\WINDOWS.0\UNNeroBackItUp.exe /UNINSTALL
    -->D:\WINDOWS.0\UNNeroShowTime.exe /UNINSTALL
    -->D:\WINDOWS.0\UNNeroVision.exe /UNINSTALL
    -->D:\WINDOWS.0\UNRecode.exe /UNINSTALL
    -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS.0\INF\PCHealth.inf
    AccessDiver v4.402-->"D:\Program Files\Accessdiver\unins000.exe"
    ActivePerl 5.8.0 Build 802-->MsiExec.exe /I{A4107692-C786-4C92-ADEE-A0B3C4328247}
    Add or Remove Adobe Creative Suite 3 Master Collection-->D:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
    Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{80C13322-2085-49F5-8B19-2A9FA20F14E9}
    Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}
    Adobe After Effects CS3-->MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}
    Adobe AIR-->D:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
    Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe Encore CS3 Library-->MsiExec.exe /I{7D62C409-EA5C-40E3-954E-AD4923250923}
    Adobe Encore CS3-->MsiExec.exe /I{5373C190-2C97-4086-B0F6-E7774B2CF25A}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 10 ActiveX-->D:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->D:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
    Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Photoshop CS5-->D:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
    Adobe Photoshop Lightroom 2.1-->MsiExec.exe /I{42A96544-2842-444E-8A27-A61848DDEC87}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
    Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
    Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
    Adobe Shockwave Player-->MsiExec.exe /X{54E4B63C-D252-454C-BE4F-468F102B331C}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Alien Skin Blow Up-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\BLOWUP~1\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\BLOWUP~1\INSTALL.LOG
    Alien Skin Exposure-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\Exposure\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\Exposure\INSTALL.LOG
    Alien Skin Eye Candy 5 Impact-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~1\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~1\INSTALL.LOG
    Alien Skin Eye Candy 5 Nature-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~2\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~2\INSTALL.LOG
    Alien Skin Eye Candy 5 Textures-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~3\UNWISE.EXE D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\EYECAN~3\INSTALL.LOG
    Alien Skin Image Doctor-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\INSTALL.LOG
    Alien Skin Snap Art-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\SNAPAR~1\Unwise32.exe D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~2\SNAPAR~1\INSTALL.LOG
    Alien Skin Xenofex 2.0-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~3\UNWISE.EXE D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~3\INSTALL.LOG
    Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
    AnyDVD-->"D:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files\SlySoft\AnyDVD"
    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Autodesk DirectConnect 2009-->MsiExec.exe /I{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}
    CCE SP Trial Version for Adobe Premiere-->D:\PROGRA~1\CUSTOM~1\CCESPT~1\uinst2.exe
    CCE SP Trial Version-->D:\PROGRA~1\CUSTOM~1\CCESPT~1\uinst.exe
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    Chameleon-->"D:\Program Files\AKVIS\Chameleon\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Chameleon\Uninstall\install.log" -u
    Coloriage-->"D:\Program Files\AKVIS\Coloriage\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Coloriage\Uninstall\install.log" -u
    ConvertXtoDVD 4.0.9.322-->"D:\Program Files\VSO\ConvertX\4\unins000.exe"
    Cookie Editor 1.9.1.469-->"D:\Program Files\ProXoft\Cookie Editor\unins000.exe"
    Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}
    Decorator-->"D:\Program Files\AKVIS\Decorator\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Decorator\Uninstall\install.log" -u
    DreamBoxEdit -- The one and only settings editor for your Dreambox-->D:\Program Files\DreamBoxEdit\uninstall.exe
    DriveTheLife 2009-->"D:\Program Files\DriveTheLife\unins000.exe"
    DVB Dream version 1.4i-->"d:\dvbdream\unins000.exe"
    DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"
    DynDNS Updater-->D:\Program Files\DynDNS Updater\Uninstall.exe
    Elecard MPEG-2 Decoder&Streaming Pack-->"D:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Pack\Uninstall.exe" "D:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Pack\install.log" -u
    eMule-->"D:\Program Files\eMule\Uninstall.exe"
    Enhancer-->"D:\Program Files\AKVIS\Enhancer\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Enhancer\Uninstall\install.log" -u
    ForceBindIP-->D:\WINDOWS.0\system32\ForceBindIP-Uninstaller.exe
    Frame Suite-->"D:\Program Files\AKVIS\Frame Suite\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Frame Suite\Uninstall\install.log" -u
    Google Chrome-->"D:\Program Files\Google\Chrome\Application\5.0.375.127\Installer\setup.exe" --uninstall --system-level
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Hard Disk Sentinel PRO-->"D:\Program Files\Hard Disk Sentinel\unins000.exe"
    HDD Regenerator-->MsiExec.exe /X{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}
    HijackThis 2.0.2-->"D:\Documents and Settings\Wallmeier\Desktop\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    ICQ Toolbar-->D:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
    ICQ7.2-->"D:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
    ImgBurn (Remove Only)-->"D:\Program Files\ImgBurn\uninstall.exe"
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    K-Lite Mega Codec Pack 4.3.1-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
    LightShop-->"D:\Program Files\AKVIS\LightShop\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\LightShop\Uninstall\install.log" -u
    Magic ISO Maker v5.4 (build 0239)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
    MagicDisc 2.7.106-->D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Maya 2009 Documentation (en_US)-->MsiExec.exe /I{97C4F970-C753-443F-B61C-525C739BBC3D}
    Maya 2009-->MsiExec.exe /I{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}
    MediaCell iPhone Converter 2.1-->D:\Program Files\MediaCell iPhoneConverter\Uninst.exe
    Microsoft .NET Framework (English) v1.0.3705-->D:\WINDOWS.0\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304-->MsiExec.exe /X{C9B26742-06BE-3B75-B1DE-7B91B5956A04}
    Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
    Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
    Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
    Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
    Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
    Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
    Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
    Mozilla Firefox (3.5.11)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
    NOD32 antivirus system-->D:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX v2.1-->"D:\Program Files\Eset\unins000.exe"
    Noise Buster-->"D:\Program Files\AKVIS\Noise Buster\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Noise Buster\Uninstall\install.log" -u
    Noiseware Professional Plug-in-->MsiExec.exe /I{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}
    NVIDIA Drivers-->D:\WINDOWS.0\system32\nvuninst.exe UninstallGUI
    NVIDIA nView Desktop Manager-->D:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
    NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    NVIDIA PureVideo Decoder-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
    OpenVPN 2.1_rc22-tuvpn-->D:\Program Files\OpenVPN\Uninstall.exe
    OpenVPN Tap Adapter 9.0-->D:\Program Files\Tap0901\uninst.exe
    Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Portraiture Plug-in-->MsiExec.exe /I{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}
    ProgDVB-->D:\Program Files\ProgDVB\uninstall.exe
    Proxy Finder Enterprise Edition-->D:\Program Files\ProxyFinderEnterprise\uninstal.exe
    PVR Plus-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}\Setup.exe" -l0x9
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    RealGrain Plug-in-->MsiExec.exe /I{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}
    RealPlayer-->D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
    Replay Media Catcher 3.01-->"D:\WINDOWS.0\Replay Media Catcher\uninstall.exe" "/U:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
    Retoucher-->"D:\Program Files\AKVIS\Retoucher\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Retoucher\Uninstall\install.log" -u
    Riva FLV Encoder 2.0-->"D:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sketch-->"D:\Program Files\AKVIS\Sketch\Uninstall\Uninstall.exe" "D:\Program Files\AKVIS\Sketch\Uninstall\install.log" -u
    Splat! 1.0-->D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\Splat\UNWISE.EXE D:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\Splat\INSTALL.LOG
    Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
    Tablet-->D:\Program Files\Tablet\Remove.exe /u
    TechniSat DVB Receiver-->D:\WINDOWS.0\IsUninst.exe -f"D:\Program Files\TechniSat DVB\Uninst.isu"
    tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
    ToolTipFixer 2.0-->D:\Program Files\NeoSmart Technologies\ToolTipFixer\uninstall.exe
    Veetle TV 0.9.17-->D:\Program Files\Veetle\UninstallVeetleTV.exe
    VLC media player 1.0.1-->D:\Program Files\VideoLAN\VLC\uninstall.exe
    VMware Player-->D:\Documents and Settings\All Users.WINDOWS.0\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe -x
    VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
    Vuze Toolbar-->"D:\Program Files\AskBarDis\unins000.exe"
    Vuze-->D:\Program Files\Vuze\uninstall.exe
    WBFS Manager 3.0-->D:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->D:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
    Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
    WinXP Manager-->MsiExec.exe /I{1043E281-B080-4947-9BD7-3F1D233BF6D2}
    WM Capture-->D:\Program Files\WMCap\Uninstal.exe
    Wordlist Wizard-->"D:\WINDOWS.0\Wordlist Wizard\uninstall.exe" "/U:\Program Files\Wordlist Wizard\Uninstall\uninstall.xml"
    Zattoo4 4.0.5-->D:\Program Files\Zattoo4\uninst.exe

    ======Security center information======

    AV: ESET NOD32 antivirus system 2.70
    FW: Sygate Personal Firewall

    ======System event log======

    Computer Name: ROBINHO
    Event Code: 1002
    Message: The IP address lease 0.0.0.0 for the Network Card with network address 00FF1030859C has been
    denied by the DHCP server 188.126.69.0 (The DHCP Server sent a DHCPNACK message).

    Record Number: 33835
    Source Name: Dhcp
    Time Written: 20100817044829.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 1002
    Message: The IP address lease 0.0.0.0 for the Network Card with network address 00FF1030859C has been
    denied by the DHCP server 188.126.69.0 (The DHCP Server sent a DHCPNACK message).

    Record Number: 33834
    Source Name: Dhcp
    Time Written: 20100817044828.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 1002
    Message: The IP address lease 0.0.0.0 for the Network Card with network address 00FF1030859C has been
    denied by the DHCP server 188.126.69.0 (The DHCP Server sent a DHCPNACK message).

    Record Number: 33833
    Source Name: Dhcp
    Time Written: 20100817044827.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 1002
    Message: The IP address lease 0.0.0.0 for the Network Card with network address 00FF1030859C has been
    denied by the DHCP server 188.126.69.0 (The DHCP Server sent a DHCPNACK message).

    Record Number: 33832
    Source Name: Dhcp
    Time Written: 20100817044826.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 1002
    Message: The IP address lease 0.0.0.0 for the Network Card with network address 00FF1030859C has been
    denied by the DHCP server 188.126.69.0 (The DHCP Server sent a DHCPNACK message).

    Record Number: 33831
    Source Name: Dhcp
    Time Written: 20100817044825.000000+120
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: ROBINHO
    Event Code: 3
    Message:
    Record Number: 16275
    Source Name: Adobe Version Cue CS3
    Time Written: 20100812125057.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 3
    Message:
    Record Number: 16274
    Source Name: Adobe Version Cue CS3
    Time Written: 20100812125057.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 3
    Message:
    Record Number: 16273
    Source Name: Adobe Version Cue CS3
    Time Written: 20100812125057.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 3
    Message:
    Record Number: 16272
    Source Name: Adobe Version Cue CS3
    Time Written: 20100812125057.000000+120
    Event Type: error
    User:

    Computer Name: ROBINHO
    Event Code: 3
    Message:
    Record Number: 16271
    Source Name: Adobe Version Cue CS3
    Time Written: 20100812125057.000000+120
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=D:\Program Files\Autodesk\Maya2009\bin;D:\Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Alky for Applications\Libraries\;D:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
    "PROCESSOR_REVISION"=170a
    "NUMBER_OF_PROCESSORS"=4
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
