
I cannot remove Trojan.Vundo.H, please help!


  • This topic is locked
26 replies to this topic

#1 AngeTheDude

AngeTheDude

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 26 February 2009 - 11:19 PM

It's always listed in my MBAM scans and it says it will be deleted upon reboot, but it's always there in the next scan. What do I do about this pesky trojan?

Malwarebytes' Anti-Malware 1.34
Database version: 1807
Windows 5.1.2600 Service Pack 2

2/26/2009 8:03:37 PM
mbam-log-2009-02-26 (03-03-21).txt

Scan type: Quick Scan
Objects scanned: 72694
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\pnkyswz.dll (Trojan.Vundo.H) -> No action taken.

------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:08 PM, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600) a
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://central.informatica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8B124429-D460-4C60-8B2B-828637569A92} - c:\windows\system32\pnkyswz.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Mirar - {E51F80B8-5573-4DD6-980F-2DFCE033E7BC} - C:\WINDOWS\system32\winok77.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qoqw] C:\PROGRA~1\COMMON~1\qoqw\qoqwm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rxxxppcx.exe] C:\WINDOWS\rxxxppcx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rzjbicyk.exe] C:\WINDOWS\rzjbicyk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnvxxran.exe] C:\WINDOWS\bnvxxran.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbubimip.exe] C:\WINDOWS\dbubimip.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB100\WUSB100.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130785168873
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130792793890
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: suoxntek - pnkyswz.dll (file missing)
O20 - Winlogon Notify: vtUonnoL - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SMS Agent Host (CcmExec) - Unknown owner - C:\WINDOWS\System32\CCM\CcmExec.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 8905 bytes



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:04 AM

Posted 28 February 2009 - 07:10 PM

Hello AngeTheDude,

Sorry for the delay. We have almost 600 logs backed up and very few helpers.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\pnkyswz.dll (Trojan.Vundo.H) -> No action taken.


I see No action taken in your Malwarebytes log. This means you did not quarantine the malware it found.

Please update Malwarebytes and run it again.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 28 February 2009 - 07:13 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
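
The check described in the reply above (items marked "No action taken" were not quarantined), as an added example that is not part of the original posts and not Malwarebytes' own code: a small parser for this log layout that classifies each detection by its action string and flags sections whose item count differs from the summary. The function names are hypothetical, and the three action strings handled are the ones that appear in the logs on this page.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the Malwarebytes log in post #1 (summary counts, section headers, item lines).
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Registry Values Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\pnkyswz.dll (Trojan.Vundo.H) -> No action taken.
"""

# "Files Infected: 1" is a summary count; "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<detection name>) -> <action>." ; the target may itself contain spaces.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Action strings seen in the logs on this page, mapped to a triage status.
STATUS_BY_ACTION = {
    "no action taken": "unremediated",
    "delete on reboot": "pending_reboot",
    "quarantined and deleted successfully": "removed",
}

Detection = namedtuple("Detection", "section target name action status")


def classify(action):
    """Map a log action string to a triage status ('other' if unrecognised)."""
    return STATUS_BY_ACTION.get(action.strip().rstrip(".").lower(), "other")


def parse_mbam_log(text):
    """Return (declared_counts, detections) parsed from the log text."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        summary = SUMMARY_RE.match(line)
        if summary:
            declared[summary["section"]] = int(summary["count"])
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header["section"]
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append(Detection(section, item["target"], item["name"],
                                        item["action"], classify(item["action"])))
    return declared, detections


def triage(text):
    """Summarise what still needs attention and whether the log looks complete."""
    declared, detections = parse_mbam_log(text)
    found = Counter(d.section for d in detections)
    return {
        "by_status": dict(Counter(d.status for d in detections)),
        # Anything not confirmed removed still needs a removal pass or a reboot.
        "needs_action": [d.target for d in detections if d.status != "removed"],
        # A summary count that disagrees with the listed items suggests a
        # truncated or edited paste.
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if found[s] != n},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["by_status"])
    for target in report["needs_action"]:
        print("still present:", target)
    print("count mismatches:", report["count_mismatch"])
```
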

#3 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 01 March 2009 - 11:47 PM

Thanks for the reply! I hope I did this all right:

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 2

3/1/2009 8:23:37 PM
mbam-log-2009-03-01 (20-23-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210863
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\pnkyswz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zewxftp.dll (Trojan.Vundo.H) -> Delete on reboot.

=========================--=-=-=-=-=-=-=-=-=-=-


info.txt logfile of random's system information tool 1.05 2009-03-01 20:30:42

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3-->C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
Auto Gordian Knot 2.40-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
CDisplayEx 1.4-->"C:\Program Files\CDisplayEx\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Hi-Q Recorder 2.0-->"C:\Program Files\Easy Hi-Q Recorder\unins000.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
FaceGen Modeller 3.1-->MsiExec.exe /I{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}
ffdshow [rev 1579] [2007-10-26]-->"C:\Program Files\ffdshow\unins000.exe"
Folding@Home-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\UninstallDB9A.DAT
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Freelancer-->"D:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Heart Of Darkness-->D:\PROGRA~1\HEARTO~1\UNWISE.EXE D:\PROGRA~1\HEARTO~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IONCROSS Freelancer Character Editor-->"C:\Program Files\IONCROSS Freelancer Character Editor\uninstall.exe"
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Japanese Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KeyHoleTV-->"C:\Program Files\KeyHoleTV\uninstall.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LimeWire PRO 4.12.3-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys WUSB100 RangePlus Wireless USB Adapter-->C:\Program Files\InstallShield Installation Information\{E00A6137-2D82-4386-88EF-9AD4DFFF148A}\setup.exe -runfromtemp -l0x0409
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mafia Game-->C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mirar-->mshta.exe http://remove.getmirar.com/
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion mod manager 1.1.9-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PC DUAL SHOCK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA12FD6C-169A-11D7-A6A9-00C026281E5B}\setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime Alternative 2.7.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.60-->"C:\Program Files\Real Alternative\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sony Ericsson Themes Creator 3.19-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec Endpoint Protection-->MsiExec.exe /I{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Typing of The Dead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2E92CF8-8D2F-4203-B5C4-177174472C9A}\setup.exe"
Tweaper 1.2-->"C:\Program Files\Tweaper\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unofficial Oblivion Patch v2.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
Unofficial Shivering Isles Patch v1.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
Update for Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
YASA MP4 Video Converter v3.2 (build 0051)-->C:\PROGRA~1\YASAMP~1\UNWISE.EXE C:\PROGRA~1\YASAMP~1\INSTALL.LOG

======Hosts File======

195.245.119.131 browser-security.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

System event log

Computer Name: ANGE
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Record Number: 5
Source Name: DCOM
Time Written: 20090219162946.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: ANGE
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SENS with arguments ""
in order to run the server:
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Record Number: 4
Source Name: DCOM
Time Written: 20090219162946.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: ANGE
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 3
Source Name: sptd
Time Written: 20090219155809.000000-480
Event Type: error
User:

Computer Name: ANGE
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090219155741.000000-480
Event Type: information
User:

Computer Name: ANGE
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090219155741.000000-480
Event Type: information
User:

Application event log

Computer Name: ANGE
Event Code: 6
Message:


Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterRegistryTools2.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 129
Source Name: Symantec AntiVirus
Time Written: 20090220023243.000000-480
Event Type: warning
User:

Computer Name: ANGE
Event Code: 6
Message:


Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterRegistryTools1.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 128
Source Name: Symantec AntiVirus
Time Written: 20090220023243.000000-480
Event Type: warning
User:

Computer Name: ANGE
Event Code: 6
Message:


Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterRegistryTools.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 127
Source Name: Symantec AntiVirus
Time Written: 20090220023243.000000-480
Event Type: warning
User:

Computer Name: ANGE
Event Code: 6
Message:


Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride1.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 126
Source Name: Symantec AntiVirus
Time Written: 20090220023243.000000-480
Event Type: warning
User:

Computer Name: ANGE
Event Code: 6
Message:


Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 125
Source Name: Symantec AntiVirus
Time Written: 20090220023243.000000-480
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by ange at 2009-03-01 20:30:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (28%) free of 76 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:37 PM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ange\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ange\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\ange\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\ange.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://central.informatica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8B124429-D460-4C60-8B2B-828637569A92} - c:\windows\system32\pnkyswz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Mirar - {E51F80B8-5573-4DD6-980F-2DFCE033E7BC} - C:\WINDOWS\system32\winok77.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qoqw] C:\PROGRA~1\COMMON~1\qoqw\qoqwm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rxxxppcx.exe] C:\WINDOWS\rxxxppcx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rzjbicyk.exe] C:\WINDOWS\rzjbicyk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnvxxran.exe] C:\WINDOWS\bnvxxran.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbubimip.exe] C:\WINDOWS\dbubimip.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB100\WUSB100.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130785168873
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130792793890
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: suoxntek - C:\WINDOWS\SYSTEM32\pnkyswz.dll
O20 - Winlogon Notify: vtUonnoL - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SMS Agent Host (CcmExec) - Unknown owner - C:\WINDOWS\System32\CCM\CcmExec.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 9373 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-269536213-2167395947-3405039426-1011.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B124429-D460-4C60-8B2B-828637569A92}]
c:\windows\system32\pnkyswz.dll [2001-08-23 104960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-12 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E51F80B8-5573-4DD6-980F-2DFCE033E7BC} - Mirar - C:\WINDOWS\system32\winok77.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-02-11 1404928]
"P17Helper"=Rundll32 P17.dll []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"ccApp"=- []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2009-02-11 167936]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Aim6"= []
"qoqw"=C:\PROGRA~1\COMMON~1\qoqw\qoqwm.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Google Update"=C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ange\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-03-14 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2009-02-11 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSB100\WUSB100.exe

C:\Documents and Settings\ange\Start Menu\Programs\Startup
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek]
C:\WINDOWS\system32\pnkyswz.dll [2001-08-23 104960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUonnoL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsphozrr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsphozrr.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Steam\steamapps\angethedude\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\angethedude\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe"="C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\angethedude\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\angethedude\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\angethedude\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\angethedude\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\angethedude\zombie panic! source\hl2.exe"="C:\Program Files\Steam\steamapps\angethedude\zombie panic! source\hl2.exe:*:Enabled:hl2"
"D:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="D:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"D:\Program Files\Microsoft Games\Freelancer\EXE\flserver.exe"="D:\Program Files\Microsoft Games\Freelancer\EXE\flserver.exe:*:Enabled:Freelancer"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Steam\steamapps\angethedude\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\angethedude\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153edf66-24bd-11dd-bea7-0010c6b13f2b}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fc76668-fee8-11dd-9d6a-a92706811488}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a19a4d2e-c4c0-11dc-be75-0010c6b13f2b}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-03-01 20:30:13 ----D---- C:\rsit
2009-02-26 19:42:20 ----D---- C:\Program Files\Trend Micro
2009-02-26 19:32:29 ----D---- C:\32788R22FWJFW
2009-02-26 13:15:56 ----A---- C:\Bug.txt
2009-02-26 13:15:55 ----A---- C:\WINDOWS\system32\cmd.execf
2009-02-25 16:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-25 00:31:29 ----D---- C:\Documents and Settings\ange\Application Data\Malwarebytes
2009-02-25 00:31:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-25 00:31:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-21 02:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-02-21 02:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-02-21 02:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-21 02:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-02-21 02:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-21 02:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-02-21 02:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-21 02:50:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-21 02:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-02-21 02:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-02-21 02:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-02-21 02:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-02-21 02:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-02-21 02:48:53 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-02-21 02:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-02-21 02:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-21 02:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-02-21 02:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-02-21 02:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-02-21 02:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-02-21 02:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-02-21 02:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-02-21 02:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-02-21 02:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-02-21 02:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-02-21 02:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-02-21 02:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-02-21 02:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-02-21 02:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-02-21 02:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-02-21 02:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-02-21 02:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-21 02:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-21 02:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-21 02:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-02-21 02:44:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-02-21 02:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-21 02:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-02-21 02:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-02-21 02:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-02-21 02:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-21 02:41:43 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-02-21 02:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-02-21 02:41:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-02-21 02:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-02-21 02:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-02-21 02:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-02-21 02:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-02-21 02:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-02-21 02:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-02-21 02:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-02-21 02:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-21 02:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-02-21 02:38:35 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-02-21 02:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-21 02:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-02-21 02:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-21 02:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-02-21 02:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-21 02:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-02-21 02:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-21 02:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-02-21 02:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-21 02:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-02-21 02:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-02-21 02:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-02-21 02:35:34 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-02-21 02:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-21 02:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-02-21 02:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-02-21 02:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2009-02-21 02:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-02-21 02:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-02-21 02:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-02-21 02:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-02-21 02:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-02-21 02:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-21 02:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-02-21 02:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-21 02:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-02-21 02:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-02-21 02:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-21 02:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-21 02:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-02-21 02:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-21 02:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-21 02:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-02-21 02:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-02-21 02:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-02-21 02:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-02-21 02:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-02-21 02:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-02-21 02:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-02-21 02:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-02-21 02:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-02-21 02:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-02-20 13:39:17 ----D---- C:\WINDOWS\ie8updates
2009-02-20 13:36:53 ----HDC---- C:\WINDOWS\ie8
2009-02-20 13:07:03 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-02-20 13:06:42 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-20 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-02-20 02:00:34 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-02-19 16:59:35 ----D---- C:\Program Files\Symantec AntiVirus
2009-02-19 16:57:01 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-02-19 16:39:31 ----D---- C:\WINDOWS\Prefetch
2009-02-19 16:28:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-19 16:28:08 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-02-19 16:27:57 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-19 16:26:14 ----A---- C:\WINDOWS\system32\write.exe
2009-02-19 16:26:13 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-19 16:26:13 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-19 16:26:13 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-19 16:26:13 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-19 16:26:13 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-19 16:26:12 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-19 16:26:11 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-19 16:26:11 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-19 16:26:11 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-19 16:26:11 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-19 16:26:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-19 16:26:08 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-19 16:26:07 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-19 16:26:06 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-19 16:26:06 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-19 16:26:05 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-19 16:26:04 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-19 16:26:04 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-19 16:26:04 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-19 16:26:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-19 16:26:03 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-19 16:26:01 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-19 15:58:53 ----RA---- C:\WINDOWS\SET94.tmp
2009-02-19 15:58:50 ----RA---- C:\WINDOWS\SET85.tmp
2009-02-19 15:58:48 ----RA---- C:\WINDOWS\SET82.tmp
2009-02-19 15:42:23 ----RA---- C:\WINDOWS\SET8D.tmp
2009-02-19 15:42:18 ----RA---- C:\WINDOWS\SET81.tmp
2009-02-19 15:42:15 ----RA---- C:\WINDOWS\SET7E.tmp
2009-02-19 15:36:12 ----D---- C:\WINDOWS\NV896220.TMP
2009-02-19 15:30:30 ----RA---- C:\WINDOWS\SET8C.tmp
2009-02-19 15:30:27 ----RA---- C:\WINDOWS\SET80.tmp
2009-02-19 15:30:24 ----RA---- C:\WINDOWS\SET7D.tmp
2009-02-19 15:11:00 ----RA---- C:\WINDOWS\SET8B.tmp
2009-02-19 15:10:56 ----RA---- C:\WINDOWS\SET7F.tmp
2009-02-19 15:10:54 ----RA---- C:\WINDOWS\SET7C.tmp
2009-02-19 14:34:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-19 14:34:16 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-19 14:33:56 ----RA---- C:\WINDOWS\SETDF.tmp
2009-02-19 14:33:51 ----RA---- C:\WINDOWS\SETD3.tmp
2009-02-19 14:33:48 ----RA---- C:\WINDOWS\SETD0.tmp
2009-02-09 11:14:42 ----A---- C:\WINDOWS\system32\1E.tmp
2009-02-09 11:13:46 ----A---- C:\WINDOWS\system32\18.tmp
2009-02-09 11:13:45 ----A---- C:\WINDOWS\system32\17.tmp
2009-02-09 11:13:34 ----A---- C:\WINDOWS\system32\14.tmp
2009-02-09 11:13:20 ----A---- C:\WINDOWS\system32\12.tmp
2009-02-07 13:14:59 ----A---- C:\WINDOWS\system32\61.tmp
2009-02-07 12:33:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-03 17:51:34 ----A---- C:\WINDOWS\adobe.bat
2009-02-03 13:28:43 ----A---- C:\wgqjqf.exe
2009-02-03 13:28:38 ----A---- C:\nwurjr.exe
2009-02-03 13:28:37 ----A---- C:\ywdhlny.exe
2009-02-03 13:28:25 ----A---- C:\irvgoan.exe

======List of files/folders modified in the last 1 months======

2009-03-01 20:27:09 ----SHD---- C:\System Volume Information
2009-03-01 20:27:09 ----D---- C:\WINDOWS\system32\Restore
2009-03-01 20:26:50 ----AD---- C:\WINDOWS\Temp
2009-03-01 20:25:22 ----D---- C:\WINDOWS\system32\drivers
2009-03-01 20:24:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-01 20:20:25 ----D---- C:\Program Files\Mozilla Firefox
2009-03-01 00:57:08 ----D---- C:\WINDOWS\system32
2009-03-01 00:56:37 ----HD---- C:\WINDOWS\inf
2009-03-01 00:56:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-26 19:42:20 ----RD---- C:\Program Files
2009-02-26 03:14:20 ----D---- C:\WINDOWS
2009-02-25 19:53:18 ----SD---- C:\WINDOWS\Tasks
2009-02-25 16:01:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-25 00:25:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-21 17:37:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-21 17:34:48 ----SHD---- C:\WINDOWS\CSC
2009-02-21 12:56:06 ----D---- C:\Documents and Settings
2009-02-21 12:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-21 02:58:01 ----D---- C:\WINDOWS\Minidump
2009-02-21 02:57:44 ----D---- C:\WINDOWS\msagent
2009-02-21 02:51:34 ----A---- C:\WINDOWS\imsins.BAK
2009-02-21 02:50:21 ----D---- C:\Program Files\Messenger
2009-02-21 02:42:59 ----D---- C:\Program Files\Windows Media Player
2009-02-21 02:41:33 ----D---- C:\Program Files\Outlook Express
2009-02-21 02:41:33 ----D---- C:\Program Files\Common Files\System
2009-02-21 02:40:48 ----D---- C:\WINDOWS\system32\Com
2009-02-20 23:37:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-20 14:07:54 ----D---- C:\WINDOWS\system32\en-US
2009-02-20 14:07:54 ----D---- C:\WINDOWS\Media
2009-02-20 14:07:54 ----D---- C:\WINDOWS\Help
2009-02-20 14:07:54 ----D---- C:\Program Files\Internet Explorer
2009-02-20 13:50:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-20 09:41:27 ----D---- C:\Program Files\Folding@Home
2009-02-20 02:14:58 ----HD---- C:\Config.Msi
2009-02-20 02:02:51 ----SHD---- C:\WINDOWS\Installer
2009-02-20 02:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-20 02:02:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-20 02:00:56 ----D---- C:\Program Files\Symantec
2009-02-20 02:00:23 ----D---- C:\WINDOWS\WinSxS
2009-02-20 02:00:13 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-19 16:55:52 ----D---- C:\Documents and Settings\ange\Application Data\U3
2009-02-19 16:45:13 ----D---- C:\WINDOWS\Registration
2009-02-19 16:38:37 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-19 16:38:37 ----D---- C:\WINDOWS\system32\config
2009-02-19 16:38:36 ----D---- C:\WINDOWS\nview
2009-02-19 16:37:33 ----A---- C:\WINDOWS\setuplog.txt
2009-02-19 16:30:32 ----D---- C:\WINDOWS\security
2009-02-19 16:30:11 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-19 16:30:03 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-02-19 16:29:36 ----D---- C:\WINDOWS\system32\ias
2009-02-19 16:29:00 ----RD---- C:\WINDOWS\Web
2009-02-19 16:28:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-19 16:28:31 ----A---- C:\WINDOWS\win.ini
2009-02-19 16:28:26 ----D---- C:\WINDOWS\system32\oobe
2009-02-19 16:28:25 ----D---- C:\Program Files\NetMeeting
2009-02-19 16:28:24 ----D---- C:\WINDOWS\srchasst
2009-02-19 16:28:16 ----D---- C:\Program Files\Movie Maker
2009-02-19 16:26:13 ----D---- C:\Program Files\Windows NT
2009-02-19 16:26:10 ----D---- C:\WINDOWS\system32\wbem
2009-02-19 16:11:11 ----SH---- C:\boot.ini
2009-02-19 15:59:15 ----A---- C:\WINDOWS\system.ini
2009-02-19 15:58:58 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-19 14:34:16 ----D---- C:\WINDOWS\system
2009-02-19 06:29:40 ----D---- C:\WINDOWS\system32\Setup
2009-02-19 06:29:32 ----D---- C:\WINDOWS\system32\usmt
2009-02-19 06:29:24 ----D---- C:\WINDOWS\AppPatch
2009-02-19 06:29:17 ----D---- C:\WINDOWS\mui
2009-02-19 06:29:17 ----D---- C:\WINDOWS\ehome
2009-02-19 06:29:16 ----D---- C:\WINDOWS\ime
2009-02-19 06:29:15 ----RSD---- C:\WINDOWS\Fonts
2009-02-19 06:29:04 ----D---- C:\WINDOWS\PeerNet
2009-02-19 06:28:52 ----D---- C:\WINDOWS\system32\npp
2009-02-19 06:27:00 ----D---- C:\WINDOWS\twain_32
2009-02-19 06:26:49 ----D---- C:\WINDOWS\system32\icsxml
2009-02-19 06:26:24 ----D---- C:\WINDOWS\system32\1033
2009-02-19 06:25:32 ----D---- C:\WINDOWS\Driver Cache
2009-02-11 16:45:26 ----A---- C:\WINDOWS\DUMP6baa.tmp
2009-02-11 02:06:47 ----A---- C:\WINDOWS\uninst.exe
2009-02-11 02:06:28 ----A---- C:\WINDOWS\system32\GkSui18.EXE
2009-02-11 02:05:59 ----RA---- C:\WINDOWS\system32\xmlinst.exe
2009-02-11 02:05:47 ----A---- C:\WINDOWS\system32\setupn.exe
2009-02-11 02:05:42 ----D---- C:\WINDOWS\system32\CCM
2009-02-11 02:05:32 ----A---- C:\WINDOWS\system32\Process.exe
2009-02-11 02:05:08 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-02-11 02:04:35 ----A---- C:\WINDOWS\system32\wmpstub.exe
2009-02-11 02:04:13 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-02-11 02:04:12 ----A---- C:\WINDOWS\system32\swsc.exe
2009-02-11 02:04:12 ----A---- C:\WINDOWS\system32\swreg.exe
2009-02-11 02:04:00 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-02-11 02:03:31 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-02-11 02:03:06 ----RA---- C:\WINDOWS\system32\MafiaSetup.exe
2009-02-11 02:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-11 02:03:00 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-11 02:03:00 ----A---- C:\WINDOWS\system32\java.exe
2009-02-11 02:02:55 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-02-11 02:02:55 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-11 02:02:00 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-02-11 02:01:58 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-02-11 02:01:29 ----A---- C:\WINDOWS\system32\dns-sd.exe
2009-02-11 02:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB839645$
2009-02-11 02:00:51 ----A---- C:\WINDOWS\system32\Copy of GkSui18.EXE
2009-02-11 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2009-02-11 02:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB835732_RTM$
2009-02-11 02:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2009-02-11 02:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB833998$
2009-02-11 02:00:31 ----A---- C:\WINDOWS\system32\AegisI5.exe
2009-02-11 02:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB828741_RTM$
2009-02-11 02:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB828741$
2009-02-11 02:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB828035$
2009-02-11 02:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB826942$
2009-02-11 02:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB826939$
2009-02-11 01:59:58 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-02-11 01:59:57 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2009-02-11 01:59:30 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-02-11 01:58:41 ----A---- C:\WINDOWS\P17DEF.EXE
2009-02-11 01:58:40 ----A---- C:\WINDOWS\OALInst.exe
2009-02-11 01:55:14 ----HDC---- C:\WINDOWS\ie7
2009-02-11 01:54:31 ----A---- C:\WINDOWS\Property.exe
2009-02-11 01:52:50 ----A---- C:\WINDOWS\setdebug.exe
2009-02-11 01:47:22 ----SHD---- C:\RECYCLER
2009-02-11 01:46:37 ----A---- C:\WINDOWS\GetWinVer.exe
2009-02-11 01:37:26 ----D---- C:\Program Files\YASAMP4Converter
2009-02-11 01:36:31 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-11 00:56:16 ----DC---- C:\I386
2009-02-10 15:35:24 ----A---- C:\WINDOWS\SMSCFG.ini
2009-02-03 14:30:58 ----A---- C:\WINDOWS\WININIT.INI
2009-02-03 14:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-03 13:31:44 ----D---- C:\Documents and Settings\ange\Application Data\Identities
2009-02-03 13:27:21 ----A---- C:\WINDOWS\system32\638ae4b4-.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-10-13 279600]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-10-13 43824]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-10 21419]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-16 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-16 18048]
R2 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-02-08 9856]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 17792]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
R4 SYMTDI;SYMTDI; - []
S1 ethbloms;ethbloms; C:\WINDOWS\system32\drivers\ethbloms.sys [2009-02-10 137600]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 FXDrv32;FXDrv32; \??\E:\FXDrv32.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mdxgthkn;mdxgthkn; \??\C:\DOCUME~1\ange\LOCALS~1\Temp\mdxgthkn.sys []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-02-03 53248]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\System32\CCM\prepdrv.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-10-13 319664]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2008-12-08 92488]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2009-02-11 229376]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2009-02-11 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-19 70968]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-11 182099]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2008-12-08 1795400]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2009-02-11 24576]
S2 CcmExec;SMS Agent Host; C:\WINDOWS\System32\CCM\CcmExec.exe []
S2 qieotpsv;Intel Processor Helper; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-12-08 2440120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2009-02-11 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-02-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-06-30 3093872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2008-12-08 320840]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 ccEvtMgr;Symantec Event Manager; - []
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-12 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 SifuMike

Posted 02 March 2009 - 01:23 AM

Hi AngeTheDude,

I see Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folders:
C:\Program Files\Viewpoint



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
    You want the 32-bit version, not the 64-bit version!
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language, then press Continue. Selecting Windows gives you the 32-bit version.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u12-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 3
    Java™ 6 Update 5

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Symantec AntiVirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
To disable SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

#5 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 03:11 AM

I followed the instructions in regards to the Java update, and that was fine, but I cannot run Combofix. I click to run it and it shows a loading bar and then nothing happens.

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 02 March 2009 - 11:28 AM

Hi AngeTheDude,

Did you disable your Symantec AntiVirus and Spybot Teatimer before running ComboFix, as they will prevent it from running?


If you're still having problems with it, try this:

Delete the ComboFix you now have on your desktop.


You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

You need to disable your Symantec AntiVirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
To disable SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Edited by SifuMike, 02 March 2009 - 11:31 AM.
typo


#7 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 03:38 PM

I did properly disable both Endpoint Protection and TeaTimer. Combo-Fix.exe still just shows the loading bar, the hourglass, and then nothing.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 02 March 2009 - 03:45 PM

Hi,

Sounds like you are really infected. :thumbup2:

Let's see if we can run Malwarebytes' Anti-Malware.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 02 March 2009 - 03:46 PM.


#9 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 03:47 PM

I've done that several times with MBAM and the trojan is always there upon restart. Are you sure I should do another MBAM scan?

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 02 March 2009 - 03:49 PM

Yes. Update it, run it again and post the log.

#11 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 06:08 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2

3/2/2009 1:32:29 PM
mbam-log-2009-03-02 (13-32-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210110
Time elapsed: 40 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suoxntek (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qieotpsv (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b124429-d460-4c60-8b2b-828637569a92} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\pnkyswz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zewxftp.dll (Trojan.Vundo.H) -> Delete on reboot.

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 02 March 2009 - 06:14 PM

Hi AngeTheDude,

I was hoping the new update would take care of the infection, but no such luck. :thumbup2:


I will have to do this the hard way. It's much more work for me.


Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Rootkit Scan setting from "No" to Yes.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Please post back with:
OTScanIT log
GMER Log


#13 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 07:14 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-02 16:11:51
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!SeTokenType + 7F 8056F2F5 7 Bytes JMP 873E8050
.text C:\WINDOWS\system32\drivers\vsphozrr.sys section is writeable [0xF7804000, 0x2B80, 0xEC000040]
.reloc C:\WINDOWS\system32\drivers\vsphozrr.sys section is executable [0xF780AE40, 0x640, 0xEE000040]
? C:\WINDOWS\system32\drivers\vsphozrr.sys Access is denied.

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs vsphozrr.sys
Device \FileSystem\Udfs \UdfsCdRom vsphozrr.sys
Device \FileSystem\Udfs \UdfsDisk vsphozrr.sys
Device \Driver\Tcpip \Device\Ip 8673C626
Device \FileSystem\RAW \Device\RawTape vsphozrr.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector vsphozrr.sys
Device \Driver\Tcpip \Device\Tcp 8673C626
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Tcpip \Device\Udp 8673C626
Device \Driver\Tcpip \Device\RawIp 8673C626
Device A vsphozrr.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver vsphozrr.sys
Device \Driver\Tcpip \Device\IPMULTICAST 8673C626
Device A mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A B8B447C8

AttachedDevice A fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs jptenm.dll rpahdr.dll ftbejw.dll kurhni.dll cpggfy.dll cvfrwc.dll hkixiv.dll kcfuiz.dll,lwwbwm.dll hflerq.dll,cmxlla.dll xianhk.dll qcyxve.dll cofekc.dll acykhd.dll mvjrbz.dll czwvve.dll ykewzg.dll egyryz.dll viaacp.dll lemzls.dll gacxsf.dll miwsfk.dll eoodwv.dll qogpdj.dll zjvxmc.dll xpprov.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.14 ----
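
A triage sketch for a GMER log like the one in post #13, added here as an example; it is not part of the original thread and not GMER's own code. It pulls out three things visible in that log: driver files the scanner could not read, device handlers listed with no file description, and the AppInit_DLLs value. The function names, the HIGH/REVIEW labels and the `appinit_limit` threshold are assumptions; the sample lines are excerpted from the post, with the AppInit_DLLs value shortened.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the GMER log posted above; the AppInit_DLLs value is shortened.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\drivers\vsphozrr.sys section is writeable [0xF7804000, 0x2B80, 0xEC000040]
? C:\WINDOWS\system32\drivers\vsphozrr.sys Access is denied.

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs vsphozrr.sys
Device \Driver\Tcpip \Device\Tcp 8673C626
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs jptenm.dll rpahdr.dll ftbejw.dll kurhni.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.14 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
DENIED_RE = re.compile(r"^\?\s+(.+?)\s+Access is denied\.$")
FLAG_RE = re.compile(r"^\.\w+\s+(.+?)\s+section is (writeable|executable)\b")
# Handler is either a .sys name or a bare 8-digit hex address; a trailing
# "(description/vendor)" is present only when the file carries version info.
DEVICE_RE = re.compile(r"^Device\s+(.*?)\s+(\S+\.sys|[0-9A-F]{8})(?:\s+\((.*)\))?$")
APPINIT_RE = re.compile(
    r"^Reg\s+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Windows@AppInit_DLLs\s*(.*)$"
)


def split_sections(log_text):
    """Group non-empty log lines under their '---- name - GMER x ----' header."""
    sections, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current and line:
            sections[current].append(line)
    return sections


def triage(log_text, appinit_limit=2):
    """Return the indicators found in a GMER text log plus ranked findings."""
    sections = split_sections(log_text)

    unreadable, flagged = set(), defaultdict(set)
    for line in sections.get("Kernel code sections", []):
        denied = DENIED_RE.match(line)
        if denied:
            unreadable.add(denied.group(1))
        flag = FLAG_RE.match(line)
        if flag:
            flagged[flag.group(1)].add(flag.group(2))

    handlers = defaultdict(list)
    for line in sections.get("Devices", []):
        dev = DEVICE_RE.match(line)
        if dev and dev.group(3) is None:  # no description: cannot be attributed
            handlers[dev.group(2)].append(dev.group(1))

    appinit = []
    for line in sections.get("Registry", []):
        value = APPINIT_RE.match(line)
        if value:  # entries are separated by spaces or commas
            appinit = [d for d in re.split(r"[ ,]+", value.group(1).strip()) if d]

    # A handler whose backing file is also unreadable is the strongest signal.
    unreadable_names = {ntpath.basename(p).lower() for p in unreadable}
    findings = []
    for module, targets in handlers.items():
        if module.lower() in unreadable_names:
            findings.append(f"HIGH: {module} handles {len(targets)} device(s) "
                            "and its file could not be read")
        else:
            findings.append(f"REVIEW: {module} handles {len(targets)} device(s) "
                            "with no file description")
    if len(appinit) > appinit_limit:
        findings.append(f"REVIEW: AppInit_DLLs lists {len(appinit)} DLLs")

    return {
        "unreadable_drivers": sorted(unreadable),
        "flagged_sections": {p: sorted(f) for p, f in flagged.items()},
        "unattributed_handlers": dict(handlers),
        "appinit_dlls": appinit,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Run against a full saved gmer.txt, the same function reports every device stack a single unattributed driver is attached to, which is the pattern that explains why file and registry deletions scheduled for reboot keep failing.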



#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus

Posted 02 March 2009 - 08:14 PM

Hi,

From your OtScanIt2 log, I can see that combofix created several of its files, so it looks like it began to run :thumbup2: Did you let it complete? Did you stop it?
It might take 20 minutes to complete.



See if you have a C:\ComboFix.txt file or a c:\Qoobox folder
Post them if you find them.

#15 AngeTheDude

AngeTheDude
  • Topic Starter

  • Members

Posted 02 March 2009 - 09:03 PM

I do have a C:\Qoobox folder but no combofix.txt. I never stopped ComboFix because it never made it past the load bar.



