
persistant Trojan.NtRootKit.Agent after malwarebytes


9 replies to this topic

#1 ffthack

  • Members
  • 8 posts

Posted 04 February 2009 - 12:08 AM

My wife bought my son a used Dell laptop. It worked fine for a while, and coming home from work one day I'm greeted with freaked-out kids when they had MS Antispyware 2009 go off on them. I've googled and disabled and killed the hidden TDSServ, uninstalled the MS Antispyware, gotten Malwarebytes, updated it, used it and installed HJT.
Well, now I'm stumped. Malwarebytes has gotten me as far as I'm going to get without outside advice; I cannot get rid of the persistent Trojan.NtRootKit.Agent using Malwarebytes. I currently have the wireless adapter disabled and have instructed my son to leave it disabled.

Here's my DDS, and thanks.


DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 23:38:33.28 on Tue 02/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.693 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\windows\system32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxpers.exe
c:\program files\dell\quickset\quickset.exe
c:\windows\system32\wltray.exe
c:\windows\system32\rundll32.exe
c:\program files\intel\wireless\bin\zcfgsvc.exe
c:\program files\intel\wireless\bin\ifrmewrk.exe
c:\program files\apoint\apoint.exe
c:\program files\quicktime\qttask.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\ctfmon.exe
c:\program files\electronic arts\eadm\core.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\program files\apoint\hidfind.exe
C:\Program Files\Apoint\apntex.exe
c:\documents and settings\user\desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\i386kd.exe,c:\windows\system32\gcc.exe,c:\windows\system32\7z.exe,
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: vctkay.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-2-3 18944]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-1-11 87936]
S1 ethvqrmt;ethvqrmt;c:\windows\system32\drivers\ethvqrmt.sys --> c:\windows\system32\drivers\ethvqrmt.sys [?]

=============== Created Last 30 ================

2009-02-03 02:00 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-02-03 00:18 64,512 a------- c:\windows\system32\7z.exe
2009-02-03 00:09 64,512 a------- c:\windows\system32\gcc.exe
2009-02-02 23:51 5 a------- c:\windows\_id.dat
2009-02-02 23:51 124 a------- c:\windows\adobe.bat
2009-02-02 23:50 64,512 a------- c:\windows\system32\i386kd.exe
2009-02-02 18:40 136 a------- c:\windows\system32\srvblck.tmp
2009-02-02 18:40 <DIR> --d----- c:\windows\system32\cks
2009-02-02 18:40 <DIR> --d----- c:\windows\system32\dtw5d
2009-02-02 18:40 <DIR> --d----- c:\windows\system32\UAs
2009-02-02 11:55 992,768 a------- c:\windows\system32\nwklr.ini
2009-02-02 11:55 984,576 a------- c:\windows\system32\korlg.ini
2009-02-02 11:55 850,944 a------- c:\windows\system32\nwwlnt.ini
2009-02-02 11:55 826,368 a------- c:\windows\system32\worlg.ini
2009-02-02 11:55 21,504 a------- c:\windows\system32\nwpp.ini
2009-02-02 11:55 17,408 a------- c:\windows\system32\pporlg.ini
2009-02-02 11:55 21,568 a------- c:\windows\system32\ldshyr.old
2009-02-02 10:18 <DIR> --d----- c:\program files\MSXML 6.0
2009-02-01 07:52 <DIR> --d----- c:\docume~1\user\applic~1\LEGO Company
2009-02-01 07:52 <DIR> --d----- c:\program files\LEGO Company
2009-02-01 01:44 208,744 a------- c:\windows\system32\muweb.dll
2009-02-01 01:44 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-01 01:32 <DIR> --d----- c:\program files\Trend Micro
2009-02-01 01:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-01 01:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-01 01:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 01:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-01 01:02 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-01 00:24 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-31 20:51 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-31 20:51 209,445 a------- c:\windows\system32\kulvadao.exe
2009-01-31 00:25 <DIR> --d----- c:\program files\SimTheme Park
2009-01-30 13:37 1,465,183 ---sh--- c:\windows\system32\xtpgalma.ini
2009-01-29 08:01 <DIR> --d----- c:\program files\Microsoft Virtual PC
2009-01-28 00:15 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-28 00:09 956,026 a------- c:\windows\system32\OLD36.tmp
2009-01-28 00:09 73,728 a------- c:\windows\system32\OLD35.tmp
2009-01-28 00:09 61,440 a------- c:\windows\system32\OLD34.tmp
2009-01-28 00:08 139,264 a------- c:\windows\system32\OLD12.tmp
2009-01-28 00:08 238,650 a------- c:\windows\system32\OLDF.tmp
2009-01-28 00:08 121,467 a------- c:\windows\system32\OLD10.tmp
2009-01-28 00:08 45,694 a------- c:\windows\system32\OLD11.tmp
2009-01-28 00:06 <DIR> --d----- c:\windows\LastGood(2)
2009-01-27 23:26 73,728 a------- c:\windows\system32\SET30.tmp
2009-01-27 23:26 57,344 a------- c:\windows\system32\SET33.tmp
2009-01-27 23:26 901,242 a------- c:\windows\system32\SET1E.tmp
2009-01-27 23:26 213,274 a------- c:\windows\system32\SETE.tmp
2009-01-27 23:26 118,395 a------- c:\windows\system32\SETB.tmp
2009-01-27 23:26 36,990 a------- c:\windows\system32\SET8.tmp
2009-01-27 19:45 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-27 02:14 <DIR> --d----- c:\windows\system32\scripting
2009-01-27 02:14 <DIR> --d----- c:\windows\l2schemas
2009-01-27 02:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-26 04:34 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-23 13:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-01-22 19:15 848 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-01-22 19:15 88 ---shr-- c:\docume~1\alluse~1\applic~1\810E9CBF51.sys
2009-01-22 18:55 56 ---shr-- c:\windows\system32\51BF9C0E81.sys
2009-01-22 18:55 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-22 18:54 <DIR> --d----- c:\program files\Enterbrain
2009-01-22 18:54 <DIR> --d----- c:\program files\common files\Enterbrain
2009-01-22 18:24 <DIR> --d----- C:\MT123
2009-01-22 18:22 <DIR> --d----- C:\MT456
2009-01-22 18:20 106,496 a------- c:\windows\unvise32qt.exe
2009-01-22 18:18 252,688 a------- c:\windows\system32\msexcl35.dll
2009-01-22 18:18 123,664 a------- c:\windows\system32\msjint35.dll
2009-01-22 18:18 24,848 a------- c:\windows\system32\msjter35.dll
2009-01-22 18:18 <DIR> --d----- c:\program files\WB04D1SE
2009-01-22 18:15 156 a------- c:\windows\compedia.ini
2009-01-22 18:15 <DIR> --d----- c:\program files\Compedia
2009-01-22 18:15 92,208 -------- c:\windows\system\Wing.dll
2009-01-22 18:15 81,920 -------- c:\windows\system32\LZSCMPRS.DLL
2009-01-22 18:15 12,800 -------- c:\windows\system32\Wing32.dll
2009-01-22 18:13 <DIR> --d----- c:\program files\DR_CDROM
2009-01-22 18:13 316,416 a------- c:\windows\uninst.exe
2009-01-22 18:05 <DIR> --d----- c:\program files\Time Engineers 2.0
2009-01-22 18:01 621,140 a------- c:\windows\system32\win.tlb
2009-01-22 18:01 244,416 a------- c:\windows\system32\Msflxgrd.ocx
2009-01-22 18:01 368,912 a------- c:\windows\system32\VBAR332.DLL
2009-01-22 18:01 <DIR> --d----- c:\program files\Zoogma Software
2009-01-22 17:49 <DIR> --d----- c:\program files\Transparent
2009-01-22 17:43 <DIR> --d----- c:\program files\ExamPrep
2009-01-22 17:41 741,376 a------- c:\windows\iun6002.exe
2009-01-22 17:41 <DIR> --d----- c:\program files\homeworkhelp
2009-01-22 17:36 <DIR> --d----- c:\windows\Geometry
2009-01-22 17:32 <DIR> --d----- c:\program files\Encore Software
2009-01-22 17:17 358,076 a------- c:\windows\ISUN16.EXE
2009-01-22 17:17 26,768 a------- c:\windows\system\CTL3D.DLL
2009-01-22 17:15 <DIR> --d----- c:\windows\Algebra 2
2009-01-22 17:13 <DIR> --d----- c:\windows\Trigonometry
2009-01-22 17:13 <DIR> --d----- c:\program files\Homeworkhelp.com
2009-01-22 17:13 169 a------- c:\windows\encore_launcher.ini
2009-01-22 04:04 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-01-22 04:04 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-22 04:04 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-22 04:04 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-22 04:04 21,504 a------- c:\windows\system32\hidserv(3).dll
2009-01-22 04:03 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-22 04:03 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-01-22 04:03 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-01-22 04:03 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-01-21 16:18 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-01-21 16:18 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-01-21 16:18 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-01-21 16:18 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-01-21 16:18 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-01-21 16:18 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-01-21 16:18 8,192 a------- c:\windows\system32\kbdkor.dll
2009-01-21 16:18 6,144 a------- c:\windows\system32\kbd106.dll
2009-01-21 16:18 6,144 a------- c:\windows\system32\kbd101c.dll
2009-01-21 16:18 5,632 a------- c:\windows\system32\kbd103.dll
2009-01-21 16:18 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-01-21 16:18 6,144 a------- c:\windows\system32\kbd101b.dll
2009-01-21 06:29 <DIR> --d----- c:\temp\Ogif
2009-01-21 06:29 <DIR> --d----- C:\Temp
2009-01-21 04:49 466 a------- c:\windows\EReg072.dat
2009-01-21 04:47 <DIR> --d----- c:\program files\Maxis
2009-01-20 19:53 <DIR> --d----- c:\docume~1\user\applic~1\SPORE
2009-01-20 19:53 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-20 19:05 <DIR> --d----- c:\program files\EA GAMES
2009-01-20 19:05 445,504 a----r-- c:\windows\system32\vp6vfw.dll
2009-01-20 18:07 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-01-20 18:05 19,569 a------- c:\windows\003040_.tmp
2009-01-20 18:05 64,352 -------- c:\windows\system32\drivers\ativmc20.cod
2009-01-20 18:02 <DIR> --d----- C:\ProgramData
2009-01-20 18:01 3,076 a------- c:\windows\system32\ealregsnapshot1.reg
2009-01-20 16:49 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-01-20 16:49 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-20 16:49 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-01-20 16:49 9,600 a------- c:\windows\system32\drivers\hidusb.sys

==================== Find3M ====================

2009-02-02 11:55 850,944 a------- c:\windows\system32\wininet.dll
2009-02-02 11:55 21,504 a------- c:\windows\system32\powrprof.dll
2009-01-27 02:17 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 23:39:01.25 ===============
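As an added defender-side example (not code from this thread or from the DDS, HijackThis or RSIT tools), the script below parses the three kinds of entries that stand out in the log above: the extra executables chained onto Winlogon's UserInit value, the AppInit_DLLs injection, and kernel drivers that are brand new or missing on disk. The sample lines are constructed in the shape of those reports, and the 7-day "recent driver" window is an assumed threshold.

```python
"""Persistence triage for HijackThis/DDS-style log lines.

Added example, not code from this thread or from the DDS, HijackThis or RSIT
tools. It reports three conditions a defender would pull out of the log above:
  * a Winlogon UserInit value carrying executables besides userinit.exe,
  * a non-empty AppInit_DLLs value (the DLL is loaded into every process that
    links user32.dll),
  * DDS "SERVICES / DRIVERS" lines for kernel drivers created within a few days
    of the scan, or whose file DDS could not find on disk ("[?]").
The sample log is constructed in the shape of those reports; the 7-day
"recent driver" window is an assumed threshold, not anything the tools define.
"""
import re
from datetime import date

# HJT "F2 - REG:system.ini: UserInit=..." and DDS "mWinlogon: Userinit=..." lines.
USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)
# DDS/HJT "AppInit_DLLs: x.dll" and RSIT '"AppInit_DLLS"="x.dll"' forms.
APPINIT_RE = re.compile(r'AppInit_DLLs"?\s*[:=]\s*"?(?P<value>[^"]*)', re.IGNORECASE)
# DDS driver line: '<state> <name>;<display>;<path> [<yyyy-m-d> <size>]',
# or '... --> <path> [?]' when the file is missing. Layout assumed from the log.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?\.sys)"
    r"(?:\s+\[(?P<created>\d{4}-\d{1,2}-\d{1,2})\s+\d+\]|.*\[\?\])",
    re.IGNORECASE,
)

SCAN_DATE = date(2009, 2, 3)  # the DDS run date in the log above

# Constructed sample lines modelled on the DDS/HJT/RSIT output in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\7z.exe,
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: vctkay.dll
"AppInit_DLLS"="vctkay.dll"
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-2-3 18944]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-1-11 87936]
S1 ethvqrmt;ethvqrmt;c:\windows\system32\drivers\ethvqrmt.sys --> c:\windows\system32\drivers\ethvqrmt.sys [?]
"""


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text, scan_date, recent_days=7):
    """Return a list of (category, detail) findings for the given log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.search(line)
        if m:
            # Winlogon runs every comma-separated entry; only userinit.exe belongs here.
            chain = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extra = [p for p in chain if _basename(p) != "userinit.exe"]
            if extra:
                findings.append(("userinit_chain", extra))
            continue

        m = APPINIT_RE.search(line)
        if m:
            value = m.group("value").strip()
            if value:  # empty is the normal state on XP
                findings.append(("appinit_dll", value))
            continue

        m = DRIVER_RE.match(line)
        if m:
            if m.group("created") is None:
                # DDS printed "[?]": the service points at a file it could not stat.
                findings.append(("driver_file_missing", m.group("path")))
            else:
                y, mo, d = (int(x) for x in m.group("created").split("-"))
                age = (scan_date - date(y, mo, d)).days
                if 0 <= age <= recent_days:
                    findings.append(("driver_recent", (m.group("path"), age)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{category:20} {detail}")
```

Paste the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log into SAMPLE_LOG to run it over a real report; a clean XP machine yields no findings.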


#2 Farbar

    Just Curious

  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 10 February 2009 - 07:41 PM

Hi ffthack,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on, as it might prolong handling your log and make the job more difficult for both of us.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Set the scan files/folders to 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.
You might want to save this page in your favorites, so you can find it again when you return.

#3 ffthack
  • Topic Starter

  • Members
  • 8 posts

Posted 10 February 2009 - 10:26 PM

Hi farbar!

Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

Largely the machine has been turned off. I've had the wireless network connection disabled. I haven't run any other tools since posting. Prior to that I had used Malwarebytes and some tool called Avenger to get rid of a TDSServ infection (as far as I could get without help). There is some file called protect.sys that keeps showing up after every reboot, and the hosts file keeps getting changed. The computer is running fairly well at the moment, but I suspect that if I enable the network that could change quickly. I've been moving files via USB drive from a work computer with decent protection. My son has used it once since then to play his Sims game, but has left it alone and used a different machine for networking.

Thanks again for helping out.

Ian

Here's the contents of the RSIT files:

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-02-10 22:07:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (58%) free of 57 GB
Total RAM: 1015 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:13 PM, on 2/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\windows\system32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\program files\dell\quickset\quickset.exe
c:\windows\system32\wltray.exe
c:\windows\system32\rundll32.exe
c:\program files\intel\wireless\bin\zcfgsvc.exe
c:\program files\intel\wireless\bin\ifrmewrk.exe
c:\program files\apoint\apoint.exe
c:\program files\quicktime\qttask.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\ctfmon.exe
c:\program files\electronic arts\eadm\core.exe
C:\Program Files\Apoint\apntex.exe
c:\program files\apoint\hidfind.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\user\desktop\rsit.exe
c:\program files\trend micro\hijackthis\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\7z.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: vctkay.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5590 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\mbcmkeua.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 98304]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 135168]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-08-03 1052672]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1368064]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 716800]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-01-11 364544]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 196608]
"QuickTime Task"=c:\program files\quicktime\qttask.exe [2009-01-22 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-22 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 32768]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vctkay.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-01-11 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-02-10 22:07:10 ----D---- C:\rsit
2009-02-03 00:18:23 ----A---- C:\WINDOWS\system32\7z.exe
2009-02-03 00:09:31 ----A---- C:\WINDOWS\system32\gcc.exe
2009-02-02 23:51:52 ----A---- C:\WINDOWS\adobe.bat
2009-02-02 23:50:28 ----A---- C:\WINDOWS\system32\i386kd.exe
2009-02-02 18:40:52 ----A---- C:\WINDOWS\system32\AcroIEHelpe.txt
2009-02-02 18:40:27 ----A---- C:\WINDOWS\system32\srvblck.tmp
2009-02-02 18:40:26 ----D---- C:\WINDOWS\system32\cks
2009-02-02 18:40:25 ----D---- C:\WINDOWS\system32\dtw5d
2009-02-02 18:40:08 ----D---- C:\WINDOWS\system32\UAs
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\worlg.ini
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\pporlg.ini
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\nwwlnt.ini
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\nwpp.ini
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\nwklr.ini
2009-02-02 11:55:44 ----A---- C:\WINDOWS\system32\korlg.ini
2009-02-02 10:18:30 ----D---- C:\Program Files\MSXML 6.0
2009-02-01 07:52:55 ----D---- C:\Documents and Settings\User\Application Data\LEGO Company
2009-02-01 07:52:41 ----D---- C:\Program Files\LEGO Company
2009-02-01 01:44:44 ----A---- C:\WINDOWS\system32\muweb.dll
2009-02-01 01:44:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-01 01:32:19 ----D---- C:\Program Files\Trend Micro
2009-02-01 01:10:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-01 01:10:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-01 01:02:46 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-02-01 00:24:30 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-31 20:51:21 ----A---- C:\WINDOWS\system32\kulvadao.exe
2009-01-31 00:25:24 ----D---- C:\Program Files\SimTheme Park
2009-01-30 13:37:30 ----SH---- C:\WINDOWS\system32\xtpgalma.ini
2009-01-30 13:37:13 ----A---- C:\WINDOWS\system32\071763d2-.txt
2009-01-29 08:01:53 ----D---- C:\Program Files\Microsoft Virtual PC
2009-01-28 00:15:32 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-28 00:09:12 ----A---- C:\WINDOWS\system32\OLD36.tmp
2009-01-28 00:09:12 ----A---- C:\WINDOWS\system32\OLD35.tmp
2009-01-28 00:09:12 ----A---- C:\WINDOWS\system32\OLD34.tmp
2009-01-28 00:08:16 ----A---- C:\WINDOWS\system32\OLD12.tmp
2009-01-28 00:08:15 ----A---- C:\WINDOWS\system32\OLDF.tmp
2009-01-28 00:08:15 ----A---- C:\WINDOWS\system32\OLD11.tmp
2009-01-28 00:08:15 ----A---- C:\WINDOWS\system32\OLD10.tmp
2009-01-28 00:06:25 ----D---- C:\WINDOWS\LastGood(2)
2009-01-27 23:26:39 ----A---- C:\WINDOWS\system32\SET33.tmp
2009-01-27 23:26:39 ----A---- C:\WINDOWS\system32\SET30.tmp
2009-01-27 23:26:38 ----A---- C:\WINDOWS\system32\SETE.tmp
2009-01-27 23:26:38 ----A---- C:\WINDOWS\system32\SETB.tmp
2009-01-27 23:26:38 ----A---- C:\WINDOWS\system32\SET8.tmp
2009-01-27 23:26:38 ----A---- C:\WINDOWS\system32\SET1E.tmp
2009-01-27 19:45:54 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-27 02:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-27 02:34:39 ----D---- C:\WINDOWS\Prefetch
2009-01-27 02:21:45 ----DC---- C:\WINDOWS\$NtUninstallKB958687$(2)
2009-01-27 02:21:38 ----DC---- C:\WINDOWS\$NtUninstallKB958644$(2)
2009-01-27 02:21:33 ----DC---- C:\WINDOWS\$NtUninstallKB957097$(2)
2009-01-27 02:21:25 ----DC---- C:\WINDOWS\$NtUninstallKB956841$(2)
2009-01-27 02:21:18 ----DC---- C:\WINDOWS\$NtUninstallKB956803$(2)
2009-01-27 02:21:12 ----DC---- C:\WINDOWS\$NtUninstallKB956802$(2)
2009-01-27 02:21:02 ----DC---- C:\WINDOWS\$NtUninstallKB955069$(2)
2009-01-27 02:20:55 ----DC---- C:\WINDOWS\$NtUninstallKB954600$(2)
2009-01-27 02:20:48 ----DC---- C:\WINDOWS\$NtUninstallKB954211$(2)
2009-01-27 02:20:41 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2009-01-27 02:20:34 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2009-01-27 02:20:26 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2009-01-27 02:20:21 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(2)
2009-01-27 02:20:15 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2009-01-27 02:20:09 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2009-01-27 02:20:03 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2009-01-27 02:19:56 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2009-01-27 02:19:49 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2009-01-27 02:19:41 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
2009-01-27 02:16:07 ----A---- C:\WINDOWS\setuplog.txt
2009-01-27 02:14:59 ----D---- C:\WINDOWS\system32\scripting
2009-01-27 02:14:58 ----D---- C:\WINDOWS\l2schemas
2009-01-27 02:12:27 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-27 02:02:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-26 04:34:55 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-24 22:15:35 ----D---- C:\WINDOWS\Minidump
2009-01-23 13:57:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-01-22 18:54:52 ----D---- C:\Program Files\Enterbrain
2009-01-22 18:54:22 ----D---- C:\Program Files\Common Files\Enterbrain
2009-01-22 18:24:06 ----D---- C:\MT123
2009-01-22 18:22:24 ----D---- C:\MT456
2009-01-22 18:20:29 ----A---- C:\WINDOWS\unvise32qt.exe
2009-01-22 18:19:46 ----D---- C:\WINDOWS\system32\QuickTime
2009-01-22 18:19:43 ----D---- C:\Program Files\QuickTime
2009-01-22 18:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\msxbse35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\mstext35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\msrepl35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\msexch35.dll
2009-01-22 18:19:01 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2009-01-22 18:19:00 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-01-22 18:19:00 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-01-22 18:19:00 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2009-01-22 18:19:00 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-01-22 18:18:59 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-01-22 18:18:59 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-01-22 18:18:59 ----A---- C:\WINDOWS\system32\msexcl35.dll
2009-01-22 18:18:32 ----D---- C:\Program Files\WB04D1SE
2009-01-22 18:15:51 ----A---- C:\WINDOWS\compedia.ini
2009-01-22 18:15:50 ----N---- C:\WINDOWS\system32\Wing32.dll
2009-01-22 18:15:50 ----N---- C:\WINDOWS\system32\LZSCMPRS.DLL
2009-01-22 18:15:50 ----D---- C:\Program Files\Compedia
2009-01-22 18:13:25 ----D---- C:\Program Files\DR_CDROM
2009-01-22 18:13:19 ----A---- C:\WINDOWS\uninst.exe
2009-01-22 18:11:49 ----A---- C:\WINDOWS\Composition Setup Log.txt
2009-01-22 18:05:24 ----D---- C:\Program Files\Time Engineers 2.0
2009-01-22 18:01:44 ----D---- C:\Program Files\Zoogma Software
2009-01-22 18:01:44 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2009-01-22 17:49:42 ----D---- C:\Program Files\Transparent
2009-01-22 17:43:19 ----D---- C:\Program Files\ExamPrep
2009-01-22 17:41:18 ----D---- C:\Program Files\homeworkhelp
2009-01-22 17:41:18 ----A---- C:\WINDOWS\iun6002.exe
2009-01-22 17:41:07 ----A---- C:\WINDOWS\Physics 1 Plus Setup Log.txt
2009-01-22 17:36:18 ----D---- C:\WINDOWS\Geometry
2009-01-22 17:36:08 ----A---- C:\WINDOWS\Geometry Setup Log.txt
2009-01-22 17:32:59 ----D---- C:\Program Files\Encore Software
2009-01-22 17:18:38 ----D---- C:\GLASKLAR
2009-01-22 17:18:38 ----A---- C:\WINDOWS\GKM303D.INI
2009-01-22 17:17:58 ----A---- C:\WINDOWS\ISUN16.EXE
2009-01-22 17:15:47 ----D---- C:\WINDOWS\Algebra 2
2009-01-22 17:15:36 ----A---- C:\WINDOWS\Algebra 2 Setup Log.txt
2009-01-22 17:13:26 ----D---- C:\WINDOWS\Trigonometry
2009-01-22 17:13:26 ----D---- C:\Program Files\Homeworkhelp.com
2009-01-22 17:13:10 ----A---- C:\WINDOWS\Trigonometry Setup Log.txt
2009-01-22 17:13:03 ----A---- C:\WINDOWS\encore_launcher.ini
2009-01-22 04:04:06 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-01-22 04:04:06 ----A---- C:\WINDOWS\system32\hidserv(3).dll
2009-01-21 16:18:11 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-01-21 16:18:11 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-01-21 16:18:11 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-01-21 16:18:11 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-01-21 16:18:11 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-01-21 16:18:08 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-01-21 06:29:23 ----D---- C:\Temp
2009-01-21 04:47:23 ----D---- C:\Program Files\Maxis
2009-01-21 03:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-21 03:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-21 03:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-21 03:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-21 03:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-21 03:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-21 03:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-21 03:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-21 03:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-21 03:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-21 03:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-21 03:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-21 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-21 03:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-21 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-21 03:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-21 03:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-21 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-21 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-20 19:53:55 ----D---- C:\Documents and Settings\User\Application Data\SPORE
2009-01-20 19:53:44 ----RHD---- C:\Documents and Settings\User\Application Data\SecuROM
2009-01-20 19:53:43 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-01-20 19:05:54 ----D---- C:\Program Files\EA GAMES
2009-01-20 19:05:53 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-01-20 18:05:57 ----A---- C:\WINDOWS\003040_.tmp
2009-01-20 18:03:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-01-20 18:02:23 ----D---- C:\ProgramData
2009-01-20 17:48:51 ----D---- C:\Documents and Settings\User\Application Data\Macromedia
2009-01-20 17:42:54 ----D---- C:\Program Files\Electronic Arts

======List of files/folders modified in the last 3 months======

2009-02-10 21:57:44 ----D---- C:\WINDOWS\Temp
2009-02-10 21:57:39 ----D---- C:\WINDOWS
2009-02-10 20:51:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-10 18:35:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 02:00:36 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 01:55:54 ----HD---- C:\WINDOWS\inf
2009-02-03 01:52:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-03 00:25:23 ----D---- C:\WINDOWS\system32
2009-02-02 23:39:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-02 23:38:23 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 11:55:45 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-02 11:55:45 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-02-02 11:55:45 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-02-02 10:18:33 ----SHD---- C:\WINDOWS\Installer
2009-02-02 10:18:30 ----RD---- C:\Program Files
2009-02-01 00:55:08 ----D---- C:\WINDOWS\security
2009-01-31 07:32:49 ----D---- C:\Program Files\BlazeDVDCopy
2009-01-30 13:31:42 ----SD---- C:\WINDOWS\Tasks
2009-01-29 19:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-29 08:05:16 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-01-28 06:17:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-28 00:23:50 ----D---- C:\WINDOWS\WinSxS
2009-01-28 00:23:50 ----D---- C:\WINDOWS\system32\wbem
2009-01-28 00:23:47 ----RSD---- C:\WINDOWS\Fonts
2009-01-28 00:23:47 ----D---- C:\WINDOWS\AppPatch
2009-01-28 00:23:08 ----D---- C:\WINDOWS\system32\config
2009-01-28 00:22:56 ----D---- C:\WINDOWS\Registration
2009-01-28 00:21:13 ----D---- C:\WINDOWS\ehome
2009-01-28 00:18:00 ----D---- C:\WINDOWS\system32\usmt
2009-01-28 00:18:00 ----D---- C:\WINDOWS\system
2009-01-28 00:17:58 ----D---- C:\WINDOWS\system32\oobe
2009-01-28 00:17:56 ----D---- C:\WINDOWS\system32\Setup
2009-01-28 00:17:43 ----D---- C:\WINDOWS\Help
2009-01-28 00:17:43 ----D---- C:\Program Files\Outlook Express
2009-01-28 00:17:43 ----D---- C:\Program Files\Common Files\System
2009-01-28 00:17:42 ----D---- C:\Program Files\Windows NT
2009-01-28 00:17:41 ----D---- C:\Program Files\Windows Media Player
2009-01-28 00:17:40 ----D---- C:\WINDOWS\system32\Com
2009-01-28 00:17:40 ----D---- C:\Program Files\NetMeeting
2009-01-28 00:17:38 ----D---- C:\WINDOWS\srchasst
2009-01-28 00:17:38 ----D---- C:\WINDOWS\ime
2009-01-28 00:17:37 ----D---- C:\WINDOWS\msagent
2009-01-28 00:17:35 ----D---- C:\WINDOWS\system32\npp
2009-01-28 00:17:35 ----D---- C:\WINDOWS\mui
2009-01-28 00:17:34 ----D---- C:\WINDOWS\system32\Restore
2009-01-28 00:17:34 ----D---- C:\Program Files\Movie Maker
2009-01-28 00:16:13 ----D---- C:\WINDOWS\PeerNet
2009-01-28 00:16:02 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-28 00:16:02 ----D---- C:\WINDOWS\network diagnostic
2009-01-28 00:15:46 ----D---- C:\Program Files\Messenger
2009-01-28 00:14:38 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-28 00:14:23 ----D---- C:\Program Files\Google
2009-01-28 00:14:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-28 00:14:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-27 23:43:34 ----D---- C:\DELL
2009-01-27 03:03:15 ----D---- C:\Documents and Settings\User\Application Data\Google
2009-01-27 02:35:21 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-27 02:15:01 ----D---- C:\WINDOWS\system32\en-US
2009-01-27 02:11:44 ----A---- C:\WINDOWS\win.ini
2009-01-27 01:56:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-24 19:22:47 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2009-01-22 18:54:22 ----D---- C:\Program Files\Common Files
2009-01-22 18:18:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-21 03:12:56 ----D---- C:\Program Files\Internet Explorer
2009-01-21 03:12:17 ----D---- C:\WINDOWS\ie7updates
2009-01-20 18:03:17 ----D---- C:\WINDOWS\system32\DirectX
2009-01-20 17:48:51 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2009-01-20 17:25:49 ----D---- C:\WINDOWS\Debug
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-17 21425]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 ethvqrmt;ethvqrmt; C:\WINDOWS\system32\drivers\ethvqrmt.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-01-11 800768]
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-10-25 2208768]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 31744]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 454656]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 31744]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-03 401408]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 348160]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 966656]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-10-18 311296]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 36352]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-01-11 425984]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-17 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 90112]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 930816]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 31744]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-10 22:07:15

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Advantage Biology and Chemistry-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67A95360-D4E0-11D4-9F17-00C0F0402C9B}\setup.exe"
Advantage Writing and Vocabulary-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BE4280-F6B6-11D4-9F17-00C0F0402C9B}\Setup.exe"
After Dark Games-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Before You Know It -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D4B393-7DD2-41C9-8190-2AB60768A4C5}\setup.exe" -l0x9
BlazeDVDCopy 4.0-->"C:\Program Files\BlazeDVDCopy\unins000.exe"
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Captain Keyboard v3.0 -->C:\PROGRA~1\ZOOGMA~1\CAPTAI~1.0\UNWISE.EXE C:\PROGRA~1\ZOOGMA~1\CAPTAI~1.0\INSTALL.LOG
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
College Exam Prep 2004-->MsiExec.exe /I{03B2B595-1ACB-4162-B35E-19D42D32CF75}
Composition 2.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\homeworkhelp\comp\irunin.ini"
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Geometry 6.0-->"C:\WINDOWS\Geometry\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\Geometry\irunin.xml"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Impossible Golf-->C:\WINDOWS\iun507.exe C:\Program Files\Impossible Golf\irunin.ini
In Search of the Lost Words-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6151C127-4B19-439D-8172-D9B71B055809}\SETUP.EXE"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
LEGO Digital Designer-->C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Trek 1, 2, 3-->C:\MT123\UNWISE.EXE C:\MT123\INSTALL.LOG
Math Trek 4, 5, 6-->C:\MT456\UNWISE.EXE C:\MT456\INSTALL.LOG
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 SP1-->MsiExec.exe /X{AD483998-2E9A-4405-83FF-6E503AF49CBB}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
OpenOffice.org 2.0-->MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
Physics 1 Plus 3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\homeworkhelp\phy1plus\irunin.ini"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Remove Sudoku Master-->c:\Centron\Sudoku Master\unstall.exe
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SimCity 3000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
SimTheme Park-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SimTheme Park\Uninst.isu" -c"C:\Program Files\SimTheme Park\uninst.dll" -BFLANG=1033
Spelling 2.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\DR_CDROM\spell2\DeIsL1.isu"
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A4526249-944F-4108-B686-A435B4A62BA5} /l1033
The Sims 2 HomeCrafter Plus-->C:\Program Files\EA GAMES\The Sims 2 HomeCrafter Plus\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Time Engineers-->C:\WINDOWS\iun6002.exe "C:\Program Files\Time Engineers 2.0\irunin.ini"
Ulead DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
World Book 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{428D7433-50AD-40E2-8E0A-C4AA5585BC5F}\setup.exe"

======Hosts File======

127.0.0.1 ZieF.pl

System event log

Computer Name: DELLD600
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090127132647.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELLD600
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090127132647.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELLD600
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{F7D4DA11-0DBD-4DB9-A747-9FE862CE929E} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3
Source Name: Tcpip
Time Written: 20090127132631.000000-300
Event Type: information
User:

Computer Name: DELLD600
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090127132619.000000-300
Event Type: information
User:

Computer Name: DELLD600
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090127132619.000000-300
Event Type: information
User:

Application event log

Computer Name: DELLD600
Event Code: 1517
Message: Windows saved user DELLD600\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 763
Source Name: Userenv
Time Written: 20090210065304.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DELLD600
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 762
Source Name: SecurityCenter
Time Written: 20090210065007.000000-300
Event Type: information
User:

Computer Name: DELLD600
Event Code: 0
Message:
Record Number: 761
Source Name: RegSrvc
Time Written: 20090210065006.000000-300
Event Type: information
User:

Computer Name: DELLD600
Event Code: 0
Message:
Record Number: 760
Source Name: EvtEng
Time Written: 20090210065004.000000-300
Event Type: information
User:

Computer Name: DELLD600
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 759
Source Name: SecurityCenter
Time Written: 20090203231750.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#4 Farbar

Posted 11 February 2009 - 01:43 PM

  • Tell me if you have a Windows installation CD and if you have another computer at home, in case we need them in the course of disinfection.

  • We need to take a look at some suspect files before running any tool. Open notepad (start -> Run -> type in notepad and press Enter).

    Copy and paste the content of the code box in the notepad.

    @echo off
    rem Zip the suspect files into Files_for_submission.zip in the current folder (the desktop).
    rem Assumes a command-line zip.exe is on the PATH; Windows XP does not ship one.
    for %%g in (
    C:\WINDOWS\system32\7z.exe
    C:\WINDOWS\system32\gcc.exe
    C:\WINDOWS\adobe.bat
    C:\WINDOWS\system32\i386kd.exe
    C:\WINDOWS\system32\winlogon.exe
    ) do zip Files_for_submission %%g
    rem %0 is the path of this batch file: delete it once the archive has been built.
    del %0
  • Select save in: desktop
  • Fill in File name: send.bat
  • Save as type: All file types (*.*)
  • Click Save and close the Notepad.
  • Double-click send.bat on the desktop.
  • A file named Files_for_submission.zip will be created on your desktop. Please upload that file.
  • To do that click the following link: http://www.bleepingcomputer.com/submit-mal....php?channel=66
  • Press Browse..., show the path to the file on the desktop then click Open.
  • In the Link to topic where this file was requested, copy and paste the following link and press Send File: http://www.bleepingcomputer.com/forums/top...ml#entry1130604

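An added example, not Farbar's batch file and not a BleepingComputer tool: the same collection step written in Python with only the standard library, so it does not depend on a zip.exe being installed (the reason a batch file like the one above can finish with nothing to show). It hashes each file, writes a manifest into the archive, and records files that do not exist instead of skipping them silently. The five paths are the ones requested in the post; the output name and the per-file numbering scheme are this example's own choices.

```python
"""Collect suspect files into a zip with SHA-256 sums, recording missing ones.

Added example (not the batch file from the post). Standard library only.
"""
import hashlib
import os
import zipfile

# The five paths Farbar asked for in the post above.
SUSPECT_FILES = [
    r"C:\WINDOWS\system32\7z.exe",
    r"C:\WINDOWS\system32\gcc.exe",
    r"C:\WINDOWS\adobe.bat",
    r"C:\WINDOWS\system32\i386kd.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
]


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_for_submission(paths, out_zip):
    """Zip every existing file in `paths`; return {path: sha256 or None}.

    None marks a path that was not present on disk. A MANIFEST.txt with the
    hashes goes into the archive so the analyst can verify what arrived.
    Files are stored as NN_basename so two same-named files cannot clash.
    """
    report = {}
    manifest_lines = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, p in enumerate(paths):
            if not os.path.isfile(p):
                report[p] = None
                manifest_lines.append(f"MISSING  {p}")
                continue
            digest = sha256_of(p)
            report[p] = digest
            arcname = f"{i:02d}_{os.path.basename(p)}"
            zf.write(p, arcname)
            manifest_lines.append(f"{digest}  {arcname}  {p}")
        zf.writestr("MANIFEST.txt", "\n".join(manifest_lines) + "\n")
    return report


if __name__ == "__main__":
    # Run from the desktop; the archive name matches the one the post expects.
    result = collect_for_submission(SUSPECT_FILES, "Files_for_submission.zip")
    for path, digest in result.items():
        print(f"{digest or 'MISSING':64}  {path}")
```

Run it from the desktop and upload Files_for_submission.zip as described; a MISSING line in the output is itself useful information for the helper, because a path that is not there can mean the file was already removed or is being hidden.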

#5 ffthack

Posted 11 February 2009 - 08:15 PM

I don't have a Windows installation disk here at the house tonight (could get one from work in the morning). It's a used computer. I haven't used a program on it yet to get the Windows installation key. I do have another machine (has XP Pro on it) for internetting or if we need to grab another copy of a system file.

The batch file didn't produce any output - I created a zip folder on a USB drive and copied the files in question onto it - have uploaded as requested. Son has installed a Sims stuff pack on the machine while I was at work. Machine is still disconnected from the net.

Thanks farbar

Ian

am curious, what does del %o do?

#6 Farbar

Posted 12 February 2009 - 08:15 AM

Hi Ian,

Thanks for the feedback and for uploading the files. We probably won't need either a Windows CD or another computer, but it was nice to know the options if winlogon.exe was infected.
Please remove the zip folder from your USB drive if you still have it.
The line was supposed to remove the bat file after creating the zip file. But since it didn't work, the bat file was not removed either. You may remove it manually from the desktop.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\7z.exe,
    O20 - AppInit_DLLs: vctkay.dll


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it remove anything it finds, reboot if needed and copy/paste the log to your reply.

  • You are missing one important program on that computer: An antivirus.

    Visit http://free.avg.com/download?prd=afe to download the setup file of the free version of AVG 8 to your desktop.
    • Double click the downloaded setup file to Install AVG 8 then update it.
    • On the left side click Computer scanner and select Scan whole computer.
    • When the scan has finished, under the Result Overview tab at the end of the scan result, click Export overview to file
    • Select File Type: All files, Name: scan.txt and save it on your desktop.
    • Under the Warnings tab press Remove all unhealed infections. Then close the application.
    • Copy/paste the content of scan.txt located on your desktop to your reply.
  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

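The two HijackThis entries above are the persistence mechanisms at work here: Winlogon runs every comma-separated program in the Userinit value at logon (normally only userinit.exe), and any DLL named in AppInit_DLLs is loaded into every process that links user32.dll. The following is an added example, not HijackThis code and not Farbar's fix, that checks both values the way a responder would before and after the fix. It works on the raw value strings, so it runs on any platform; the sample values are constructed from the F2 and O20 lines above. On Windows it can read the live values from HKLM when started with a `--live` switch, which is this example's own convention. It assumes Python 3 and that %SystemRoot% is C:\WINDOWS as in this log.

```python
"""Flag Winlogon persistence: extra Userinit entries and any AppInit_DLLs.

Added example; not part of the thread or of HijackThis.
"""
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# The only program a stock XP Userinit value should launch. Lower-case for
# case-insensitive comparison; assumes %SystemRoot% is C:\WINDOWS.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}

# Constructed from the F2 / O20 HijackThis lines in the post above.
SAMPLE_USERINIT = (r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,"
                   r"C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\7z.exe,")
SAMPLE_APPINIT = "vctkay.dll"


def split_userinit(value):
    """Userinit is a comma-separated list; Winlogon starts each entry at logon.
    A trailing comma (as in the sample) yields an empty item, which is dropped."""
    return [item.strip() for item in value.split(",") if item.strip()]


def rogue_userinit_entries(value, expected=EXPECTED_USERINIT):
    """Return every Userinit entry that is not the expected userinit.exe."""
    return [e for e in split_userinit(value) if e.strip('"').lower() not in expected]


def rogue_appinit_dlls(value):
    """AppInit_DLLs should be empty on a home XP machine; on XP the DLLs are
    loaded unconditionally into each user32-linked process. Separators may be
    spaces or commas."""
    return [d for d in value.replace(",", " ").split() if d]


def read_live_values():
    """Read the two values from HKLM (Windows only). Returns (userinit, appinit)."""
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as k:
        userinit, _ = winreg.QueryValueEx(k, "Userinit")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINDOWS_KEY) as k:
        try:
            appinit, _ = winreg.QueryValueEx(k, "AppInit_DLLs")
        except FileNotFoundError:
            appinit = ""  # value absent: nothing is injected
    return userinit, appinit


if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        userinit, appinit = read_live_values()
    else:
        userinit, appinit = SAMPLE_USERINIT, SAMPLE_APPINIT
    for e in rogue_userinit_entries(userinit):
        print("Userinit launches extra program:", e)
    for d in rogue_appinit_dlls(appinit):
        print("AppInit_DLLs injects:", d)
    if not rogue_userinit_entries(userinit) and not rogue_appinit_dlls(appinit):
        print("Userinit and AppInit_DLLs look clean.")
```

After the HijackThis fix, a clean run reports nothing for either value. Note that the check only confirms the launch points are gone; the binaries named there (i386kd.exe, gcc.exe, 7z.exe, vctkay.dll) still need to be removed or verified separately, and a file infector such as the one found later in this thread can put them back.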

#7 ffthack

Posted 12 February 2009 - 09:48 PM

Hmm, network lit up big time when I enabled wireless for the Malwarebytes update. Decided to skip the update on the virus scanner as it looked like it had something running that liked having a network connection. Whole machine infected with Win32/Virut and HTML/Framer - virus scanner at 3660 items and still going. Malwarebytes was clean after reboot. Getting late here, am going to have to head to bed soon - scan still running, will send logs in the morning. If I run remove unhealed infections will it turn the machine into a boat anchor? c:\windows\Explorer.EXE listed as infected. Infected count >5200 still going (lots of html files hit by Framer).

See you in morning

Ian

#8 Farbar

Posted 13 February 2009 - 05:27 AM

...whole machine infected with Win32/Virut and HTML/Framer...

c:\windows\Explorer.EXE listed as infected...


I have not seen the AVG log yet. If you see the post on time just post the log and don't let AVG remove anything.

I'm afraid Virut is bad news. The infection is one of the nastiest file infectors. It surprises me though, as your winlogon.exe file was clean.

#9 Farbar

Posted 18 February 2009 - 02:15 AM

Are you still there?

#10 Farbar

Posted 21 February 2009 - 10:48 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM within 2 days and I will reopen it for you.

Otherwise open a new topic if you still have a problem.



