Malware from a torrent Solved

Question

Hello,
for the past few days I've had some sort of infection after downloading a torrent file that I can't delete or rename or anything, and then I noticed that every time I try to open the media player I get a message saying there's not enough disk space, and BitTorrent launches instead...

now that's not the case since the antivirus starts every time I opened Mozilla Firefox with an alert saying there's a malware which I quarantined in response to the alert... however, the torrent file I initially downloaded is still stubborn and even Killbox seems unable to install because apparently the infection hasn't been completely eliminated...

please help me because my laptop is struggling these last few days even though I just installed XP

Configuration: Windows XP Firefox 3.0.15

Guillaume5188 · Answer

Good evening

1- Download and install HijackThis software:

https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click on the setup to start the installation: follow the prompts and do not modify the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

(Do not run this program for now and proceed with the next steps...)

2- Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your current applications!

Double-click on " RSIT.exe " to launch it.

Right-click under VISTA (run as...)

-> A first window opens with the title: " Disclaimer of warranty " .

* In front of the option "List files/folders created ..." , choose: 2 months

* then click on " Continue " to start the scan ...

-> let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably with Notepad).

Post the content of " log.txt " (the one that appears on the screen), as well as " info.txt " (which you will see in the taskbar), for analysis and wait for further instructions...

Important: post one report, then the other in the next reply...
If you try to post both at the same time, it may be too lengthy for the forum...
( And if "log.txt" alone doesn’t go through either, do it in 2 parts... thank you... )

( Note: the reports will also be saved in this folder -> C:\rsit )

Thank you

--
We have all been a beginner at something at some point.
But knowledge is the reward of diligence.

acharat · Answer

Thank you, Guillaume  here is the log report:  Logfile of random's system information tool 1.06 (written by random/random) Run by Administrator at 2009-11-15 20:04:33 Microsoft Windows XP Professional Service Pack 3 System drive C: has 17 GB (33%) free of 52 GB Total RAM: 1022 MB (56% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:04:43, on 15/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IEMonitor.exe E:\Downloads\Programs\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Administrator.exe  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe  -- End of file - 5916 bytes  ======Scheduled tasks folder======  C:\WINDOWS	asks\User_Feed_Synchronization-{4791D8D8-3A25-4E33-B4C1-A4B82880BED4}.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-09-09 173488]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-01 344064] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-06 3118512] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] C:\WINDOWS\system32\antiwpa.dll [2009-10-19 60416]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3da1f59-ca8b-11de-90b5-0014a56e38e6}] shell\AutoRun\command - H:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3da1f5b-ca8b-11de-90b5-0014a56e38e6}] shell\AutoRun\command - H:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f79ff8-d211-11de-90d9-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f79ff9-d211-11de-90d9-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe   ======List of files/folders created in the last 2 months======  2009-11-15 20:03:41 ----D---- C:sit 2009-11-15 19:53:49 ----D---- C:\Program Files\Trend Micro 2009-11-15 18:09:26 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-11-15 16:31:50 ----D---- C:\Program Files\CCleaner 2009-11-15 16:18:27 ----D---- C:\Program Files\RegCleaner 2009-11-14 23:54:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2009-11-14 23:54:34 ----D---- C:\Program Files\Lavasoft 2009-11-12 19:45:29 ----A---- C:\WINDOWS\avisplitter.INI 2009-11-12 18:30:37 ----D---- C:\Program Files\eMule 2009-11-10 17:02:23 ----D---- C:\Program Files\MSXML 4.0 2009-11-10 17:00:05 ----SHD---- C:\Config.Msi 2009-11-10 05:27:44 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-10 03:21:25 ----D---- C:\f02b7eb4d0219c88bc 2009-11-10 03:20:58 ----D---- C:\WINDOWS\SxsCaPendDel 2009-11-10 02:02:35 ----D---- C:\363e63322423d8936c840a6c199985 2009-11-10 01:41:34 ----D---- C:\Program Files\CAPCOM 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-11-10 01:41:09 ----D---- C:\WINDOWS\Logs 2009-11-10 01:40:16 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-11-10 01:38:09 ----D---- C:\Program Files\MSBuild 2009-11-10 01:31:23 ----D---- C:\WINDOWS\system32\XPSViewer 2009-11-10 01:31:18 ----D---- C:\WINDOWS\system32\en-us 2009-11-10 01:30:37 ----D---- C:\Program Files\Reference Assemblies 2009-11-10 01:30:09 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-11-10 01:26:20 ----RSD---- C:\WINDOWS\assembly 2009-11-10 01:25:32 ----D---- C:\WINDOWS\Microsoft.NET 2009-11-10 01:24:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2009-11-10 01:24:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2009-11-10 01:24:10 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2009-11-10 01:24:06 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2009-11-10 01:23:49 ----D---- C:\WINDOWS\system32\xlive 2009-11-10 01:23:49 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE 2009-11-10 01:10:11 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe 2009-11-10 01:10:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Nero 2009-11-10 01:02:58 ----D---- C:\Program Files\Windows Sidebar 2009-11-10 01:02:13 ----A---- C:\WINDOWS\Irremote.ini 2009-11-10 00:45:55 ----D---- C:\Program Files\Nero 2009-11-10 00:45:15 ----D---- C:\Documents and Settings\All Users\Application Data\Nero 2009-11-10 00:45:14 ----D---- C:\Program Files\Common Files\Nero 2009-11-10 00:44:59 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2009-11-10 00:28:36 ----D---- C:\Program Files\Common Files\LightScribe 2009-11-08 20:04:20 ----D---- C:\Program Files\Windows Live Safety Center 2009-11-07 23:41:55 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2009-11-07 23:38:54 ----D---- C:\Program Files\DAEMON Tools Toolbar 2009-11-07 23:38:49 ----D---- C:\Program Files\DAEMON Tools Lite 2009-11-07 23:29:03 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite 2009-11-07 23:08:19 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss 2009-11-07 16:02:59 ----D---- C:\Program Files\TrackMania Nations ESWC 2009-11-07 02:02:41 ----D---- C:\WINDOWS\ie8updates 2009-11-07 02:01:59 ----D---- C:\WINDOWS\WBEM 2009-11-07 02:00:51 ----HDC---- C:\WINDOWS\ie8 2009-11-07 01:51:47 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-06 16:54:15 ----D---- C:\WINDOWS\system32\QuickTime 2009-11-06 16:54:13 ----A---- C:\WINDOWS\system32	sccvid.dll 2009-11-06 16:53:54 ----D---- C:\Program Files\TechSmith 2009-11-06 15:34:29 ----SHD---- C:\RECYCLER 2009-11-06 15:04:58 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt 2009-11-06 15:02:02 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR 2009-11-06 15:01:40 ----D---- C:\Program Files\WinRAR 2009-11-06 14:35:25 ----A---- C:\WINDOWS\system32\unrar.dll 2009-11-06 14:35:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-11-06 14:35:18 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-11-06 14:35:18 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-11-06 14:35:17 ----A---- C:\WINDOWS\system32\qt-dx331.dll 2009-11-06 14:35:17 ----A---- C:\WINDOWS\system32\dpl100.dll 2009-11-06 14:35:16 ----A---- C:\WINDOWS\system32\divx.dll 2009-11-06 14:35:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-11-06 14:35:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-11-06 14:35:13 ----D---- C:\Program Files\K-Lite Codec Pack 2009-11-06 14:35:13 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-11-06 14:18:30 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent 2009-11-06 14:18:18 ----D---- C:\Program Files\DNA 2009-11-06 14:18:18 ----D---- C:\Documents and Settings\Administrator\Application Data\DNA 2009-11-06 14:18:17 ----D---- C:\Program Files\BitTorrent 2009-11-06 14:17:50 ----D---- C:\Program Files\AskSearch 2009-11-06 14:12:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe 2009-11-06 14:03:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia 2009-11-06 13:46:16 ----D---- C:\WINDOWS\EffectResources 2009-11-06 13:46:13 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-11-06 13:26:17 ----D---- C:\Program Files\Full Tilt Poker 2009-11-06 13:15:46 ----A---- C:\WINDOWS\vmsnap3.exe 2009-11-06 13:15:46 ----A---- C:\WINDOWS\Domino.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\VM303Cap.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\system32\VM303STI.dll 2009-11-06 13:15:43 ----A---- C:\WINDOWS\system32\setupfilter.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\amcap.exe 2009-11-06 13:15:33 ----D---- C:\Program Files\Vimicro 2009-11-06 12:56:24 ----D---- C:\Documents and Settings\Administrator\Application Data\IDM 2009-11-06 12:56:24 ----D---- C:\Documents and Settings\Administrator\Application Data\DMCache 2009-11-06 12:56:06 ----D---- C:\Program Files\Internet Download Manager 2009-11-06 06:19:39 ----D---- C:\WINDOWS\system32\PreInstall 2009-11-06 06:19:37 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-06 06:13:44 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-11-06 06:05:52 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-11-06 06:05:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-06 05:57:32 ----D---- C:\Documents and Settings\Administrator\Application Data\VSRevoGroup 2009-11-06 05:14:47 ----D---- C:\Program Files\VS Revo Group 2009-11-06 05:06:42 ----D---- C:\Program Files\ma-config.com 2009-11-06 05:06:42 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-11-06 05:03:12 ----D---- C:\Program Files\Microsoft 2009-11-06 05:02:34 ----D---- C:\Program Files\Windows Live 2009-11-06 04:58:49 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc 2009-11-06 04:52:34 ----D---- C:\Program Files\Common Files\Windows Live 2009-11-06 04:51:22 ----D---- C:\Program Files\VideoLAN 2009-11-06 04:49:58 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2009-11-06 04:49:08 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-11-06 04:49:05 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2009-11-06 04:48:52 ----D---- C:\Program Files\Windows Media Connect 2 2009-11-06 04:48:42 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-11-06 04:47:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-11-06 04:47:29 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-06 04:47:22 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2009-11-06 04:46:47 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-11-06 04:42:56 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla 2009-11-06 04:42:49 ----D---- C:\Program Files\Mozilla Firefox 2009-11-06 04:29:18 ----D---- C:\Program Files\Avira 2009-11-06 04:29:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-06 04:27:15 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2009-11-06 04:25:58 ----D---- C:\Program Files\Huawei Technologies 2009-11-06 04:16:59 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-11-06 04:16:12 ----D---- C:\W309BF54 2009-11-06 04:14:01 ----D---- C:\Program Files\DIFX 2009-11-06 04:13:07 ----D---- C:\WINDOWS\Modio 2009-11-06 04:12:10 ----A---- C:\WINDOWS\system32\RtNicProp32.dll

acharat · Answer

Here is the report info:
info.txt logfile of random's system information tool 1.06 2009-11-15 20:03:59

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4 TECH PC Camera H-->C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x040c -removeonly
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly
WinRAR Archiver-->C:\Program Files\WinRAR\uninstall.exe
Windows Live Connection Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Camtasia Studio 2-->C:\Program Files\TechSmith\Camtasia Studio 2\CSuninst.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installation-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Security update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mobile Connect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0 Language Pack - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TrackMania Nations ESWC 0.1.7.5-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PC-DEADPOOL
Event Code: 15007
Message: The namespace reservation identified by the URL prefix http://*:2869/ has been successfully added.

Record Number: 5
Source Name: HTTP
Time Written: 20091106033110.000000+000
Event Type: Information
User:

Computer Name: PC-DEADPOOL
Event Code: 3260
Message: This computer has successfully joined the workgroup 'WORKGROUP'.

Record Number: 4
Source Name: Workstation
Time Written: 20091106032926.000000+000
Event Type: Information
User:

Computer Name: PC-DEADPOOL
Event Code: 6011
Message: The NetBIOS name and DNS hostname of this computer have been changed from MACHINENAME to PC-DEADPOOL.

Record Number: 3
Source Name: EventLog
Time Written: 20091106032835.000000+000
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event Log service has started.

Record Number: 2
Source Name: EventLog
Time Written: 20091106032449.000000+000
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091106032449.000000+000
Event Type: Information
User:

=====Application event log=====

Computer Name: ACHARAT
Event Code: 1000
Message: The performance counters for service WmiApRpl (WmiApRpl) have been loaded.
The log data contains the new index values assigned to this service.

Record Number: 231
Source Name: LoadPerf
Time Written: 20091108162115.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 1001
Message: The performance counters for service WmiApRpl (WmiApRpl) have been removed.
The log data contains the new values of the last system counter and the latest entries from the help registry.

Record Number: 230
Source Name: LoadPerf
Time Written: 20091108162115.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 229
Source Name: Avira AntiVir
Time Written: 20091108161717.000000+000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: ACHARAT
Event Code: 1800
Message: The Windows Security Center service has started.

Record Number: 228
Source Name: SecurityCenter
Time Written: 20091108161712.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 0
Message:
Record Number: 227
Source Name: btwdins
Time Written: 20091108161711.000000+000
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

acharat · Answer

I tried to download it but it gives me this:
The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

acharat · Answer

Sorry for the delay, here is the report:
Malwarebytes' Anti-Malware 1.41
Database version: 3176
Windows 5.1.2600 Service Pack 3

11/15/2009 21:16:44
mbam-log-2009-11-15 (21-16-44).txt

Scan type: Full scan (C:\|D:\|E:\|)
Items examined: 139156
Elapsed time: 34 minute(s), 32 second(s)

Infected memory process(es): 0
Infected memory module(s): 1
Infected registry key(s): 0
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 1

Infected memory process(es):
(No harmful items detected)

Infected memory module(s):
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

Infected registry key(s):
(No harmful items detected)

Infected registry value(s):
(No harmful items detected)

Infected registry data item(s):
(No harmful items detected)

Infected folder(s):
(No harmful items detected)

Infected file(s):
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

acharat · Answer

I don't know if you're still there, Guillaume... just wanted to say that even after removing the two infections, the torrent file is still unremovable and Killbox tells me that mscomctl.ocx is missing when I try to install it.

acharat · Answer

always impossible to download Toolbar-S&D (Team IDN) every time I try to access the download as if the site is overloaded at the moment the file is: [Torrentsworld.net] - Scale Bustin Babes 35.Torrent

@+

acharat · Answer

Finally, it's done, here is the report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professional (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: AMD Turion(tm) 64 Mobile Technology ML-37)
BIOS: Ver 1.00PARTTBL
USER: Administrator (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total: 50 Go (Free: 14 Go)
D:\ (Local Disk) - NTFS - Total: 74 Go (Free: 16 Go)
E:\ (Local Disk) - NTFS - Total: 23 Go (Free: 6 Go)
F:\ (CD or DVD)
G:\ (CD or DVD) - CDFS - Total: 0 Go (Free: 0 Go)
I:\ (CD or DVD)

"C:\ToolBar SD" (Last Updated: 22-08-2009|18:42)
Option: [1] (16/11/2009|18:29)

-----------\\ File / Folder Search ...

C:\Program Files\DAEMON Tools Toolbar

-----------\\ Extensions

(Administrator) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Recent\Nero 9.4.13.2 Ultra Edition 2009 + Working Keygen [h33t].lnk

1 - "C:\ToolBar SD\TB_1.txt" - 16/11/2009|18:30 - Option: [1]

-----------\\ End of report at 18:30:08.98

acharat · Answer

Hello, here it is for Toolbar SD:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professional (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: AMD Turion(tm) 64 Mobile Technology ML-37)
BIOS: Ver 1.00PARTTBL
USER: Administrator (Administrator)
BOOT: Normal boot
Antivirus: AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total: 50 Go (Free: 14 Go)
D:\ (Local Disk) - NTFS - Total: 74 Go (Free: 16 Go)
E:\ (Local Disk) - NTFS - Total: 23 Go (Free: 6 Go)
F:\ (CD or DVD)
G:\ (CD or DVD) - CDFS - Total: 0 Go (Free: 0 Go)
I:\ (CD or DVD)

"C:\ToolBar SD" (UPDATE: 22-08-2009|18:42)
Option: [2] (16/11/2009|18:50)

-----------\\ REMOVAL

Delete! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Searching for Files / Folders ...

-----------\\ Extensions

(Administrator) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Search for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Recent\Nero 9.4.13.2 Ultra Edition 2009 + Working Keygen [h33t].lnk

1 - "C:\ToolBar SD\TB_1.txt" - 16/11/2009|18:30 - Option: [1]
2 - "C:\ToolBar SD\TB_2.txt" - 16/11/2009|18:49 - Option: [1]
3 - "C:\ToolBar SD\TB_3.txt" - 16/11/2009|18:51 - Option: [2]

and here it is for OAD:

16/11/2009 ---- 19:02:23,12

----------------------------------
§§§§§§ [[Torrentsworld.net] - Scale Bustin Babes 35.torrent] §§§§§§
----------------------------------
[X] Registry
[ ] File (quick)
[ ] File (system disk)
[X] File (complete)

********************
[Registry]
********************

No entries detected

*******************
[File]
*******************

d:\T‚l‚chargements\Downloads\[Torrentsworld.net] - Scale Bustin Babes 35.torrent
d:\T‚l‚chargements\Downloads\[Torrentsworld.net] - Scale Bustin Babes 35.torrent

*********************
[Same date]
*********************

C:\WINDOWS\$hf_mig$
C:\WINDOWS\system32\FNTCACHE.DAT

----------------------------------
§§§§§ End Report §§§§§
----------------------------------

I did the last scan three times but the file seems to be non-existent.

acharat · Answer

I did the same thing with d:\Downloads\[Torrentsworld.net] - Scale Bustin Babes 35.torrent

here it is :

16/11/2009 ---- 19:44:59,87

----------------------------------
§§§§§§ [d:\Downloads\[Torrentsworld.net] - Scale Bustin Babes 35.torrent ] §§§§§§
----------------------------------
[X] Registry
[ ] File (quick)
[ ] File (system disk)
[X] File (complete)

********************
[Registry]
********************

No entries detected

*******************
[File]
*******************

*********************
[Same date]
*********************

No files created on the same date detected

----------------------------------
§§§§§ End Report §§§§§
----------------------------------

acharat · Answer

I'm sorry Guillaume if I didn't see your post in time.. I don't know if it's related but after a scan these last two days, after restarting my Windows (cracked), I'm getting an alert that I need to activate my Windows within a deadline or I won't be able to use it anymore :(

Here's the report:

All processes killed
Error: Unable to interpret <Services> in the current context!
========== REGISTRY ==========
========== FILES ==========
d:\Downloads\[Torrentsworld.net] - Scale Bustin Babes 35.torrent moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: -2097114026 bytes
->Temporary Internet Files folder emptied: 8200012 bytes
->FireFox cache emptied: 72992668 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -1922.47 mb

OTM by OldTimer - Version 3.1.2.0 log created on 11172009_194709

Files moved on Reboot...

Registry entries deleted on Reboot...

acharat · Answer

Hi, I cracked Windows again, apparently it worked and the alert is gone.  See you!

acharat · Answer

I don't know why the scan post isn't reappearing, I'm being told it was moderated?

acharat · Answer

It's done, thanks Guillaume for the media player, it works well although sometimes, but rarely I have to say, instead of starting, BitTorrent runs. The last time was three days ago...

Here is the link to the scan: http://www.cijoint.fr/cjlink.php?file=cj200911/cij6QhCxHO.doc

acharat · Answer

Media player is working fine now. The last time, it launched BitTorrent instead of executing. Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200911/cij6QhCxHO.doc

acharat · Answer

I think I already did that, that's why the info file is the same. Here is the log:  Logfile of random's system information tool 1.06 (written by random/random) Run by Administrator at 2009-11-19 19:36:10 Microsoft Windows XP Professional Service Pack 3 System drive C: has 17 GB (32%) free of 52 GB Total RAM: 1022 MB (53% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:36:28, on 19/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\Administrator\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Administrator.exe  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe  -- End of file - 6121 bytes  ======Scheduled tasks folder======  C:\WINDOWS	asks\User_Feed_Synchronization-{4791D8D8-3A25-4E33-B4C1-A4B82880BED4}.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-09-09 173488]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-01 344064] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "VMSnap3"=C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152] "Domino"=C:\WINDOWS\Domino.EXE [2006-06-28 49152] "BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-06 3118512] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] C:\WINDOWS\system32\antiwpa.dll [2009-10-19 60416]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7936dc5a-d25c-11de-90dd-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7936dc5b-d25c-11de-90dd-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3da1f5b-ca8b-11de-90b5-0014a56e38e6}] shell\AutoRun\command - G:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f79ff8-d211-11de-90d9-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f79ff9-d211-11de-90d9-000fb0c0f6f4}] shell\AutoRun\command - G:\AutoRun.exe   ======List of files/folders created in the last 2 months======  2009-11-17 23:11:24 ----A---- C:\WINDOWS\system32\antiwpa.dll 2009-11-16 18:56:48 ----A---- C:esultat.txt 2009-11-16 18:29:12 ----A---- C:\TB.txt 2009-11-16 18:28:49 ----D---- C:\ToolBar SD 2009-11-16 13:57:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2009-11-16 13:57:52 ----A---- C:\WINDOWS\system32\mucltui.dll 2009-11-16 03:03:35 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt 2009-11-15 20:35:36 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2009-11-15 20:35:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-15 20:35:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-15 20:03:41 ----D---- C:sit 2009-11-15 19:53:49 ----D---- C:\Program Files\Trend Micro 2009-11-15 18:09:26 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-11-15 16:31:50 ----D---- C:\Program Files\CCleaner 2009-11-15 16:18:27 ----D---- C:\Program Files\RegCleaner 2009-11-14 23:54:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2009-11-14 23:54:34 ----D---- C:\Program Files\Lavasoft 2009-11-12 19:45:29 ----A---- C:\WINDOWS\avisplitter.INI 2009-11-12 18:30:37 ----D---- C:\Program Files\eMule 2009-11-10 17:02:23 ----D---- C:\Program Files\MSXML 4.0 2009-11-10 05:27:44 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-10 03:21:25 ----D---- C:\f02b7eb4d0219c88bc 2009-11-10 03:20:58 ----D---- C:\WINDOWS\SxsCaPendDel 2009-11-10 02:02:35 ----D---- C:\363e63322423d8936c840a6c199985 2009-11-10 01:41:34 ----D---- C:\Program Files\CAPCOM 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-11-10 01:41:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-11-10 01:41:20 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-11-10 01:41:09 ----D---- C:\WINDOWS\Logs 2009-11-10 01:40:16 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2009-11-10 01:38:09 ----D---- C:\Program Files\MSBuild 2009-11-10 01:31:23 ----D---- C:\WINDOWS\system32\XPSViewer 2009-11-10 01:31:18 ----D---- C:\WINDOWS\system32\en-us 2009-11-10 01:30:37 ----D---- C:\Program Files\Reference Assemblies 2009-11-10 01:30:09 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-11-10 01:26:20 ----RSD---- C:\WINDOWS\assembly 2009-11-10 01:25:32 ----D---- C:\WINDOWS\Microsoft.NET 2009-11-10 01:24:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2009-11-10 01:24:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2009-11-10 01:24:10 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2009-11-10 01:24:06 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2009-11-10 01:23:49 ----D---- C:\WINDOWS\system32\xlive 2009-11-10 01:23:49 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE 2009-11-10 01:10:11 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe 2009-11-10 01:10:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Nero 2009-11-10 01:02:58 ----D---- C:\Program Files\Windows Sidebar 2009-11-10 01:02:13 ----A---- C:\WINDOWS\Irremote.ini 2009-11-10 00:45:55 ----D---- C:\Program Files\Nero 2009-11-10 00:45:15 ----D---- C:\Documents and Settings\All Users\Application Data\Nero 2009-11-10 00:45:14 ----D---- C:\Program Files\Common Files\Nero 2009-11-10 00:44:59 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2009-11-10 00:28:36 ----D---- C:\Program Files\Common Files\LightScribe 2009-11-08 20:04:20 ----D---- C:\Program Files\Windows Live Safety Center 2009-11-07 23:41:55 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2009-11-07 23:38:49 ----D---- C:\Program Files\DAEMON Tools Lite 2009-11-07 23:29:03 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite 2009-11-07 23:08:19 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss 2009-11-07 16:02:59 ----D---- C:\Program Files\TrackMania Nations ESWC 2009-11-07 02:02:41 ----D---- C:\WINDOWS\ie8updates 2009-11-07 02:01:59 ----D---- C:\WINDOWS\WBEM 2009-11-07 02:00:51 ----HDC---- C:\WINDOWS\ie8 2009-11-07 01:51:47 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-06 16:54:15 ----D---- C:\WINDOWS\system32\QuickTime 2009-11-06 16:54:13 ----A---- C:\WINDOWS\system32	sccvid.dll 2009-11-06 16:53:54 ----D---- C:\Program Files\TechSmith 2009-11-06 15:34:29 ----SHD---- C:\RECYCLER 2009-11-06 15:04:58 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt 2009-11-06 15:02:02 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR 2009-11-06 15:01:40 ----D---- C:\Program Files\WinRAR 2009-11-06 14:35:25 ----A---- C:\WINDOWS\system32\unrar.dll 2009-11-06 14:35:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-11-06 14:35:18 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-11-06 14:35:18 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-11-06 14:35:17 ----A---- C:\WINDOWS\system32\qt-dx331.dll 2009-11-06 14:35:17 ----A---- C:\WINDOWS\system32\dpl100.dll 2009-11-06 14:35:16 ----A---- C:\WINDOWS\system32\divx.dll 2009-11-06 14:35:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-11-06 14:35:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-11-06 14:35:13 ----D---- C:\Program Files\K-Lite Codec Pack 2009-11-06 14:35:13 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-11-06 14:18:30 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent 2009-11-06 14:18:18 ----D---- C:\Program Files\DNA 2009-11-06 14:18:18 ----D---- C:\Documents and Settings\Administrator\Application Data\DNA 2009-11-06 14:18:17 ----D---- C:\Program Files\BitTorrent 2009-11-06 14:17:50 ----D---- C:\Program Files\AskSearch 2009-11-06 14:12:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe 2009-11-06 14:03:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia 2009-11-06 13:46:16 ----D---- C:\WINDOWS\EffectResources 2009-11-06 13:46:13 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-11-06 13:26:17 ----D---- C:\Program Files\Full Tilt Poker 2009-11-06 13:15:46 ----A---- C:\WINDOWS\vmsnap3.exe 2009-11-06 13:15:46 ----A---- C:\WINDOWS\Domino.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\VM303Cap.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\system32\VM303STI.dll 2009-11-06 13:15:43 ----A---- C:\WINDOWS\system32\setupfilter.exe 2009-11-06 13:15:43 ----A---- C:\WINDOWS\amcap.exe 2009-11-06 13:15:33 ----D---- C:\Program Files\Vimicro 2009-11-06 12:56:24 ----D---- C:\Documents and Settings\Administrator\Application Data\IDM 2009-11-06 12:56:24 ----D---- C:\Documents and Settings\Administrator\Application Data\DMCache 2009-11-06 12:56:06 ----D---- C:\Program Files\Internet Download Manager 2009-11-06 06:19:39 ----D---- C:\WINDOWS\system32\PreInstall 2009-11-06 06:19:37 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-06 06:13:44 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-11-06 06:05:52 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-11-06 06:05:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-06 05:57:32 ----D---- C:\Documents and Settings\Administrator\Application Data\VSRevoGroup 2009-11-06 05:14:47 ----D---- C:\Program Files\VS Revo Group 2009-11-06 05:06:42 ----D---- C:\Program Files\ma-config.com 2009-11-06 05:06:42 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-11-06 05:03:12 ----D---- C:\Program Files\Microsoft 2009-11-06 05:02:34 ----D---- C:\Program Files\Windows Live 2009-11-06 04:58:49 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc 2009-11-06 04:52:34 ----D---- C:\Program Files\Common Files\Windows Live 2009-11-06 04:51:22 ----D---- C:\Program Files\VideoLAN 2009-11-06 04:49:58 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2009-11-06 04:49:08 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-11-06 04:49:05 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2009-11-06 04:48:52 ----D---- C:\Program Files\Windows Media Connect 2 2009-11-06 04:48:42 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-11-06 04:47:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-11-06 04:47:29 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-06 04:47:22 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2009-11-06 04:46:47 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

acharat · Answer

Here is the info file:

info.txt logfile of random's system information tool 1.06 2009-11-15 20:03:59

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4 TECH PC Camera H-->C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x040c -removeonly
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly
WinRAR Archiver-->C:\Program Files\WinRAR\uninstall.exe
Windows Live Connection Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Camtasia Studio 2-->C:\Program Files\TechSmith\Camtasia Studio 2\CSuninst.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Windows Live installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live installation-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mobile Connect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0 Language Support Module - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Microsoft .NET Framework 3.0 French Language Support Module-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TrackMania Nations ESWC 0.1.7.5-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PC-DEADPOOL
Event Code: 15007
Message: The reservation of the namespace identified by the URL prefix http://*:2869/ has been correctly added.

Record Number: 5
Source Name: HTTP
Time Written: 20091106033110.000000+000
Event Type: Information
User:

Computer Name: PC-DEADPOOL
Event Code: 3260
Message: This computer has successfully joined the workgroup 'WORKGROUP'.

Record Number: 4
Source Name: Workstation
Time Written: 20091106032926.000000+000
Event Type: Information
User:

Computer Name: PC-DEADPOOL
Event Code: 6011
Message: The NetBIOS name and the DNS hostname of this computer have been changed from MACHINENAME to PC-DEADPOOL.

Record Number: 3
Source Name: EventLog
Time Written: 20091106032835.000000+000
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event Registration service has started.

Record Number: 2
Source Name: EventLog
Time Written: 20091106032449.000000+000
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091106032449.000000+000
Event Type: Information
User:

=====Application event log=====

Computer Name: ACHARAT
Event Code: 1000
Message: The performance counters for service WmiApRpl (WmiApRpl) have been loaded.
The registration data contains the new index values
assigned to this service.

Record Number: 231
Source Name: LoadPerf
Time Written: 20091108162115.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 1001
Message: The performance counters for service WmiApRpl (WmiApRpl) have been removed.
The registration data contains the latest system counter values
and the latest entries from the help registry.

Record Number: 230
Source Name: LoadPerf
Time Written: 20091108162115.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 229
Source Name: Avira AntiVir
Time Written: 20091108161717.000000+000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: ACHARAT
Event Code: 1800
Message: The Windows Security Center service has started.

Record Number: 228
Source Name: SecurityCenter
Time Written: 20091108161712.000000+000
Event Type: Information
User:

Computer Name: ACHARAT
Event Code: 0
Message:
Record Number: 227
Source Name: btwdins
Time Written: 20091108161711.000000+000
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

acharat · Answer

I'm sorry if I was late again. I performed the operation twice (my phone turned off twice; it’s not related to the system but to the hardware that sometimes overheats and turns off). I searched for the file and here’s what it shows:

ComboFix 09-11-19.03 - Administrator 19/11/2009 23:54:15.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1036.18.1022.669 [GMT 0:00]
Launched from: C:\Documents and Settings\Administrator\Desktop\asdehi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

Should I download and install this console?
Another question, once again after restarting the PC, my Windows starts alerting me with a 17-day countdown this time! I cracked it again and the message disappeared, but I don’t know if it’s due to the different scans and if I should not pay attention to it, but at the same time, each time the countdown continues as if the cracked system itself keeps counting down, the first time it was 20 days, today it is 17!

acharat · Answer

Sorry Guillaume, I have no way, I tried many times but always around the report or just after the deletion the PC throws me a blue screen with white writing... moreover, the unremovable file has disappeared... it looks like the program is using so much RAM that it crashes.

acharat · Answer

I'm sorry, but I can't assist with that.

acharat · Answer

Sorry, I didn't understand if I should disable system restore and only reactivate it after these scans or reactivate it right away before doing the scans.

acharat · Answer

Here you go Guillaume, thanks for your patience really  [ ToolsCleaner report version 2.3.11 (by A.Rothstein & dj QUIOU) ]  --> Search:  C:\TB.txt: found! C:\Qoobox: found! C:\Toolbar SD: found! C:\Rsit: found! C:\asdehi\Combofix.txt: found! C:\asdehi\mbr.log: found! C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\ComboFix_131\ComboFix.exe: found! C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: found! C:\Documents and Settings\Administrator\Desktop\Rsit.exe: found! C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: found! C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: found! C:\Program Files\Trend Micro\HijackThis: found! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found! C:\Qoobox\Quarantine\catchme.log: found! C:\WINDOWS\mbr.exe: found!  --------------------------------- --> Deletion:  C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\ComboFix_131\ComboFix.exe: deleted! C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: deleted! C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: deleted! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted! C:\TB.txt: deleted! C:\asdehi\Combofix.txt: deleted! C:\asdehi\mbr.log: deleted! C:\Documents and Settings\Administrator\Desktop\Rsit.exe: deleted! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: deleted! C:\Qoobox\Quarantine\catchme.log: deleted! C:\WINDOWS\mbr.exe: deleted! C:\Qoobox: deleted! C:\Toolbar SD: deleted! C:\Rsit: deleted! C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: deleted! C:\Program Files\Trend Micro\HijackThis: deleted!

acharat · Answer

ok Guillaume, thank you from the bottom of my heart  @

Malware from a torrent

23 réponses

Texture issues in enshrouded

Canon mb5350 - cartridge replacement impossible

Football manager (club management game)

Select next line csh foreach

Win32 kamso then rootkit detection

Win32:spyware-gen [trj] detected by avast

Unknown video error on the freebox player

Make it or break it

How to open a cbr file

Please log in with manager privileges.