
infected with zlob



#1 ppark


Posted 06 December 2008 - 07:43 AM

I was playing World of Warcraft at around midnight when my machine started locking up; about 2 minutes later, Windows restarted itself. A popup appeared when it got back up; I found a picture of it while I was looking for ways to get rid of it. I've tried scanning with Malwarebytes' Anti-Malware but it didn't find anything. HouseCall TrendMicro, Search & Destroy, and SUPERAntiSpyware did, but it would just come back after a restart. Same deal with SmitFraudFix and SDFix. Been up all night trying to clean it out.

Also, about a month ago, I got infected with a Vundo trojan that would come back on startup. Buckeye_Sam helped me remove it, but I've had it come back every now and then. Doesn't stay too long though, goes away after a MBAM scan unlike the first time. Just mentioning it in case they could be related. I really hope someone can help me fix this soon. :thumbsup:

Here are the RSIT logs with a Kaspersky log at the very end.

Logfile of random's system information tool 1.04 (written by random/random)
Run by ppark at 2008-12-06 07:11:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (11%) free of 77 GB
Total RAM: 2046 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:50, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ppark\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ppark.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\ppark\Application Data\Google\kjzna1562565.exe"
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194401126545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228314632078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: taxiha.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5131 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-06 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-10-30 1953792]
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe [2006-11-14 363008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.09\RivaTuner.exe [2008-04-28 2707456]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Smax4"=C:\Documents and Settings\ppark\Application Data\Google\kjzna1562565.exe [2008-12-06 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="taxiha.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\robo_sk8ter@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\robo_sk8ter@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Octoshape Streaming Services\ppark\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\ppark\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\source 2007 dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\source 2007 dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Steam\steamapps\robo_sk8ter@hotmail.com\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\robo_sk8ter@hotmail.com\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\half-life\hl.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\ppark\Desktop\listchecker\pickup.listchecker.exe"="C:\Documents and Settings\ppark\Desktop\listchecker\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\ato_666@yahoo.ca\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\ppark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\ppark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Outspark\Project Powder\Run.exe"="C:\Program Files\Outspark\Project Powder\Run.exe:*:Enabled:ProjectPowder"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-06 05:55:48 ----D---- C:\WINDOWS\ERUNT
2008-12-06 05:52:20 ----D---- C:\SDFix
2008-12-06 03:35:21 ----SHD---- C:\RECYCLER
2008-12-06 03:31:39 ----A---- C:\ComboFix.txt
2008-12-06 01:50:36 ----D---- C:\WINDOWS\temp
2008-12-06 00:50:07 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-06 00:50:02 ----A---- C:\rapport.txt
2008-12-06 00:49:00 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 00:16:08 ----D---- C:\Documents and Settings\ppark\Application Data\Google
2008-12-03 09:58:52 ----SHD---- C:\Config.Msi
2008-12-03 09:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-03 09:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-03 09:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-03 09:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-03 09:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-03 09:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-03 09:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-03 09:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-03 09:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-03 09:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-03 09:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-03 09:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-03 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 09:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-03 09:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 09:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-03 09:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-03 09:41:14 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-03 09:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-03 09:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-03 09:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-03 09:40:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-03 09:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 09:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-03 09:17:49 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-03 09:17:27 ----D---- C:\WINDOWS\Prefetch
2008-12-03 09:13:34 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 09:13:33 ----D---- C:\WINDOWS\system32\en
2008-12-03 09:13:33 ----D---- C:\WINDOWS\l2schemas
2008-12-03 09:09:26 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-03 09:09:24 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-03 09:09:24 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-03 09:09:21 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-03 09:09:21 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-03 09:09:21 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-03 09:09:21 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-03 09:09:20 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-03 09:09:20 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-03 09:09:20 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-03 09:09:20 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-03 09:09:18 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-03 09:09:18 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-03 09:09:18 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-03 09:09:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-03 09:09:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-03 09:09:18 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-12-03 09:09:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-03 09:09:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-03 09:09:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-03 09:09:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-03 09:09:13 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-03 09:09:11 ----A---- C:\WINDOWS\005642_.tmp
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-03 09:09:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-03 09:09:09 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-03 09:09:08 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-03 09:09:07 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-03 09:09:07 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-03 09:09:06 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-03 09:01:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-03 09:01:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-24 16:03:32 ----D---- C:\Program Files\Ventrilo
2008-11-24 16:03:30 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-20 01:39:55 ----A---- C:\WINDOWS\system32\ff42703d-.txt
2008-11-20 01:34:38 ----SHD---- C:\WINDOWS\cHBhcms
2008-11-20 01:34:34 ----D---- C:\WINDOWS\system32\vemi
2008-11-20 01:34:34 ----D---- C:\WINDOWS\system32\HES
2008-11-20 01:34:34 ----D---- C:\WINDOWS\system32\eys3
2008-11-11 21:25:20 ----D---- C:\Program Files\Combined Community Codec Pack
2008-11-11 17:58:20 ----D---- C:\Documents and Settings\ppark\Application Data\Mozilla
2008-11-11 17:58:01 ----D---- C:\Program Files\Mozilla Firefox
2008-11-09 19:28:58 ----A---- C:\Boot.bak
2008-11-09 19:28:51 ----RASHD---- C:\cmdcons
2008-11-09 19:26:20 ----D---- C:\WINDOWS\ERDNT
2008-11-09 17:29:00 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-09 17:29:00 ----A---- C:\WINDOWS\gmer.ini
2008-11-09 17:29:00 ----A---- C:\WINDOWS\gmer.dll
2008-11-09 17:28:59 ----A---- C:\WINDOWS\gmer.exe
2008-11-07 19:15:18 ----D---- C:\rsit
2008-11-07 03:18:31 ----D---- C:\Program Files\Trend Micro
2008-11-07 00:56:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-07 00:56:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-06 07:06:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 06:11:34 ----D---- C:\WINDOWS\system32
2008-12-06 05:57:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 05:55:48 ----D---- C:\WINDOWS
2008-12-06 05:04:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 03:41:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 03:34:53 ----SHD---- C:\System Volume Information
2008-12-06 03:33:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-06 03:30:13 ----N---- C:\WINDOWS\system.ini
2008-12-06 03:29:12 ----D---- C:\WINDOWS\AppPatch
2008-12-06 03:29:12 ----D---- C:\Program Files\Common Files
2008-12-06 02:10:14 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-05 20:30:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 03:20:26 ----D---- C:\Downloads
2008-12-03 09:58:56 ----SHD---- C:\WINDOWS\Installer
2008-12-03 09:46:22 ----D---- C:\Program Files\Internet Explorer
2008-12-03 09:43:16 ----HD---- C:\WINDOWS\inf
2008-12-03 09:43:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-03 09:42:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-03 09:42:27 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 09:41:43 ----D---- C:\WINDOWS\WinSxS
2008-12-03 09:41:29 ----D---- C:\Program Files\Messenger
2008-12-03 09:30:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 09:20:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 09:17:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 09:17:42 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 09:17:04 ----D---- C:\WINDOWS\system32\Setup
2008-12-03 09:17:03 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 09:17:03 ----D---- C:\WINDOWS\system32\wbem
2008-12-03 09:16:27 ----D---- C:\WINDOWS\security
2008-12-03 09:13:40 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 09:13:40 ----D---- C:\WINDOWS\ime
2008-12-03 09:13:40 ----D---- C:\WINDOWS\Help
2008-12-03 09:13:34 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 09:13:34 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 09:13:33 ----D---- C:\WINDOWS\system32\bits
2008-12-03 09:13:33 ----D---- C:\WINDOWS\peernet
2008-12-03 09:13:33 ----D---- C:\Program Files\Movie Maker
2008-12-03 09:12:40 ----D---- C:\WINDOWS\system32\npp
2008-12-03 09:12:39 ----D---- C:\WINDOWS\srchasst
2008-12-03 09:12:39 ----D---- C:\WINDOWS\msagent
2008-12-03 09:12:38 ----D---- C:\Program Files\NetMeeting
2008-12-03 09:12:37 ----D---- C:\WINDOWS\system32\Com
2008-12-03 09:12:37 ----D---- C:\Program Files\Windows Media Player
2008-12-03 09:12:36 ----D---- C:\Program Files\Windows NT
2008-12-03 09:12:36 ----D---- C:\Program Files\Outlook Express
2008-12-03 09:12:35 ----D---- C:\Program Files\Common Files\System
2008-12-03 09:12:29 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 09:12:29 ----D---- C:\WINDOWS\system
2008-12-03 09:11:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 09:11:07 ----D---- C:\WINDOWS\EHome
2008-12-03 09:04:13 ----D---- C:\WINDOWS\Debug
2008-12-03 09:02:04 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-02 17:53:27 ----D---- C:\WINDOWS\system32\config
2008-12-02 17:52:17 ----SD---- C:\WINDOWS\Tasks
2008-12-02 17:51:38 ----D---- C:\Temp
2008-12-02 17:43:12 ----RD---- C:\Program Files
2008-11-24 16:05:32 ----D---- C:\Documents and Settings\ppark\Application Data\Ventrilo
2008-11-24 16:03:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-13 15:21:15 ----D---- C:\Program Files\World of Warcraft
2008-11-13 02:01:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-11 22:20:01 ----D---- C:\Program Files\Steam
2008-11-09 19:28:58 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-09 85969]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-10-12 12032]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-10-12 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 akf94yoc;akf94yoc; C:\WINDOWS\system32\drivers\akf94yoc.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\ppark\LOCALS~1\Temp\catchme.sys []
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface; C:\WINDOWS\system32\drivers\CM108.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Gravity\RO\npkcrypt.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
S3 PciCon;PciCon; \??\F:\PciCon.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.09\RivaTuner32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva208;XDva208; \??\C:\WINDOWS\system32\XDva208.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-06 152984]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-07 19:15:24

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitSpirit v3.2.2.215 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverAgent Plugin for Netscape by TouchStone Software-->RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Project Powder-->MsiExec.exe /X{E83816B1-57FC-4999-B9B6-A422AFFAD876}
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Real Alternative 1.60 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
RivaTuner v2.09-->"C:\Program Files\RivaTuner v2.09\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SteelSeries USB Soundcard-->C:\WINDOWS\Cmi108Uninstall.exe C:\Program Files\SteelSeries USB Soundcard#C-Media USB 108 Sound#SteelSeries USB Soundcard#
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 06:35:15
Records in database: 1439963
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 76155
Threat name: 8
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 00:42:17


File name / Threat name / Threats count
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\BN2.tmp.bac_a00176 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\BN3.tmp.bac_a00176 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\BN4.tmp.bac_a00176 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\ctaoqsqucnuuzwmh.dll.bac_a00176 Infected: Trojan-Downloader.Win32.Zlob.ymu 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\g3.exe.bac_a00176 Infected: Trojan-Clicker.Win32.Agent.cht 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\gadcom.exe.bac_a00176 Infected: Trojan.Win32.Agent.amus 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\gside.exe.bac_a00176 Infected: Trojan-Downloader.Win32.Zlob.ymu 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\lcntttdl.exe.bac_a00176 Infected: not-a-virus:AdWare.Win32.ZenoSearch.ca 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\lcntttdm.exe.bac_a00176 Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\stf85.tmp.bac_a00176 Infected: Trojan.Win32.Agent.amus 1
C:\Documents and Settings\ppark\.housecall6.6\Quarantine\vtUkhggf.dll.bac_a00176 Infected: Backdoor.Win32.Agent.tlr 1
D:\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

The selected area was scanned.

#2 ppark

Posted 07 December 2008 - 02:18 AM

nvm I formatted

#3 KoanYorel

Posted 07 December 2008 - 08:41 PM

Thanks for informing us.
If you find other problems please start a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



