
XP Home laptop with lots of Trojans, Malware, and constant lock ups or shut downs


34 replies to this topic

#1 Azendel

Azendel

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 09 July 2009 - 09:29 AM

My laptop is dreadfully messed up. I'm not even sure how to describe it other than a massive infection. Spybot and Ad-Aware both come up with a bunch of things (around 70). My internet won't work, but I already had HijackThis loaded, so here is the log. Please help... this is my school computer and my thesis is coming up soon! Need it to finish a Masters! Thanks


Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:29 AM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\nrds.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Documents and Settings\All Users\Application Data\93527806\93527806.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\Documents and Settings\Wilke\Wilke.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080110
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=5nMMnMSypzYU763wFjyTdarNLP0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: (no name) - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nrds] C:\WINDOWS\system32\nrds.exe \u
O4 - HKLM\..\Run: [rgcarsj0ec9g] C:\WINDOWS\system32\qgccrsj0ec9g.exe
O4 - HKLM\..\Run: [13517814] C:\Documents and Settings\All Users\Application Data\13517814\13517814.exe
O4 - HKLM\..\Run: [93527806] C:\Documents and Settings\All Users\Application Data\93527806\93527806.exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Wilke] C:\Documents and Settings\Wilke\Wilke.exe /i
O4 - Startup: ihaupd32.exe
O4 - Startup: zqosys32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Wilke\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\24326375.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\24326375.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: LJahrLITx - {60867787-CA2C-DD2D-C357-1ABE79D93E95} - C:\WINDOWS\system32\vuvn.dll (file missing)
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast!antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1c98d719e2479c2) (gupdate1c98d719e2479c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10546 bytes
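Several of the tricks in the log above can be checked mechanically rather than by eye: the genuine smss.exe lives in C:\WINDOWS\System32, not in System32\drivers; the F2 line appends a second program to the Winlogon UserInit value so it launches at every logon; Run-key names that are pure digits or letter/digit soup (93527806, rgcarsj0ec9g) point at generated filenames; a filename such as "93527806 .exe" (space before the extension) is a second file that sits next to the visible one; a single image running 60+ times is a flooder; and an "Unknown file in Winsock LSP" hooks every socket. The script below is an added example, not part of the original post and not HijackThis code. It triages a constructed sample made from a few lines of this log (with five copies of the flooder to stay short). The core-binary directory table, the flood threshold and the "random name" heuristic are assumptions chosen for this example and will produce some false positives on real logs; treat its output as a list of items to review, not a verdict.

```python
"""Triage a HijackThis log for the persistence/masquerading tricks seen in the log above.

Added example: not part of the original post or of HijackThis. SAMPLE_LOG is constructed
from a few lines of post #1; CORE_BINARY_DIRS, FLOOD_THRESHOLD and looks_random() are
assumptions for this example, not HijackThis rules.
"""
import re
from collections import Counter

# Where the genuine copies of these core Windows XP binaries live (lower-cased).
# The same basename anywhere else (e.g. system32\drivers\smss.exe) is a masquerade.
CORE_BINARY_DIRS = {
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
FLOOD_THRESHOLD = 5  # assumed cutoff: a legitimate image rarely has this many live copies

O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$", re.I)
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|cpl)", re.I)  # first path inside a command


def split_path(path):
    """Return (directory, basename), lower-cased; keeps inner spaces such as '93527806 .exe'."""
    head, _, base = path.strip().lower().rpartition("\\")
    return head, base


def looks_random(name):
    """Crude heuristic for generated Run-key names: all digits, or a long letter/digit soup."""
    name = name.strip()
    if name.isdigit():
        return True
    return (len(name) >= 10 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def check_path(path, where, findings):
    """Flag core-binary names outside their home directory and 'name .exe' style filenames."""
    head, base = split_path(path)
    expected = CORE_BINARY_DIRS.get(base)
    if expected and head != expected:
        findings.append(("core_name_masquerade", f"{where}: {path.strip()}"))
    if re.search(r"\s\.[a-z0-9]+$", base):
        findings.append(("trailing_space_name", f"{where}: {path.strip()}"))


def triage(log_text):
    """Return a list of (rule, detail) findings for one HijackThis log."""
    findings, processes, in_procs = [], [], False
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            in_procs = False          # a blank line closes the "Running processes:" block
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        if m := F2_RE.match(line):
            parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extras = [p for p in parts if split_path(p)[1] != "userinit.exe"]
            if extras:                # anything after userinit.exe is started at every logon
                findings.append(("userinit_hijack", ", ".join(extras)))
            for p in parts:
                check_path(p, "UserInit", findings)
        elif m := O4_RE.match(line):
            if looks_random(m.group("name")):
                findings.append(("random_run_name", f"[{m.group('name')}] {m.group('cmd')}"))
            if pm := PATH_RE.search(m.group("cmd")):
                check_path(pm.group(0), "O4", findings)
        elif m := O10_RE.match(line):
            findings.append(("winsock_lsp_unknown", m.group("path")))
    for p in processes:
        check_path(p, "process", findings)
    for image, n in Counter(p.strip().lower() for p in processes).items():
        if n >= FLOOD_THRESHOLD:      # e.g. the 60+ copies of qgccrsj0ec9g.exe in the log above
            findings.append(("process_flood", f"{image} x{n}"))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview."""
    return dict(Counter(rule for rule, _ in findings))


# Constructed sample: a few lines taken from the log in post #1 (five copies of the flooder).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe
C:\WINDOWS\system32\qgccrsj0ec9g.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rgcarsj0ec9g] C:\WINDOWS\system32\qgccrsj0ec9g.exe
O4 - HKLM\..\Run: [93527806 ] C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe
O4 - HKCU\..\Run: [Wilke] C:\Documents and Settings\Wilke\Wilke.exe /i
O10 - Unknown file in Winsock LSP: c:\windows\system32\24326375.dll
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```

Run it against a saved hijackthis.log by passing the file contents to triage(). Note that the script deliberately does not try to decide whether C:\WINDOWS\System32\avast!Antivirus.exe is genuine (the real avast! binaries are installed under Program Files, not System32); a name-based allow list cannot settle that, and the on-disk file needs to be checked by hash or signature instead.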


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 09 July 2009 - 09:54 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer. Please do the following:



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! If you can't complete this step, tell me more about it.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename (or GMER) to GAMERS.
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad; save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 09 July 2009 - 10:10 PM

I was able to download the programs, but all I was able to do was to run The Comedian. I get 75% through with malware and my laptop bluescreens and forces a shut down. Spybot continues to be a problem as well, because when I try to run it the computer freezes and blue screens also. I can shut down TeaTimer, but the only way I have been able to successfully do that is through Ctrl+Alt+Delete, finding it in Processes and shutting it down manually. I will keep trying to run Malwarebytes. Will letting it run for a while (30 mins seems to be about the amount of time I get till blue screen every time), pausing it and then letting it delete stuff be helpful?

Thanks for the quick response. I would love to get this fixed without losing info or having to reload Windows or something drastic like that. School lappy = loads of info possibly lost....

Thanks again.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 09 July 2009 - 11:16 PM

Proceed with the RSIT and GMER steps and post the logs here please.

If you can't do both steps, tell me and we'll go another route.

Edited by fenzodahl512, 09 July 2009 - 11:19 PM.



#5 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 10 July 2009 - 05:21 PM

OK, I had to jump through some hoops, but got it to work, sort of. I ran Malwarebytes until it was about time for the crash... and stopped the scan and created a report (deleting the items it had found up to that point). Rebooted, scanned again, and the laptop did not crash this time. So I have 2 Malwarebytes logs, and the others. I'll post them now:

#6 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 10 July 2009 - 05:26 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 2

7/9/2009 11:43:20 PM
mbam-log-2009-07-09 (23-43-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88434
Time elapsed: 20 minute(s), 30 second(s)

Memory Processes Infected: 13
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 19
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 195

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\13517814\13517814 .exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\93527806\93527806 .exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\nrds.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\qgccrsj0ec9g.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\WINDOWS\system32\regedit.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Wilke\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Unloaded process successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\kzyi9xdn .exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\kzyi9xdn .exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\781.exe (TrojanProxy.Slenugga) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\sgc9rsj0ec9g.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Wilke\Local Settings\Temp\353453910mmx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\24326375.dll (Hijack.LSP) -> Delete on reboot.
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc1b64d9-3499-4791-82d5-aabac3faea45} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13517814 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nrds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rgcarsj0ec9g (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Dropper) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg515-k641-55sf-n66p (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\swg (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (regedit.exe"%1" %*) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\drivers\smss.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13517814 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\93527806 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\documents and settings\all users\application data\13517814\13517814 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe47 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe4902 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe52 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe53 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe55 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe62 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.exe63 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\13517814.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\pc13517814 cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13517814\pc13517814 ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe67 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe66 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe58 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe65 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe57 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe64 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe4904 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe52 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe55 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe56 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806 .exe63 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe48 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe4903 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe52 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe53 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe54 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\93527806\93527806.exe57 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgc9rsj0ec9g.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Wilke\Local Settings\Temp\353453910mmx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\24326375.dll (Hijack.LSP) -> Delete on reboot.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrds.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgccrsj0ec9g.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Wilke\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\kzyi9xdn .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\781.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\fdvjfx.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\furvsh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\gjpipkpu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\jsrtadqg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\qvqeddj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\stfqqym.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\iqdjo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\reader_s .exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\reader_s.exe43 (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\reader_s.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\reader_s.exe58 (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Wilke.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\148.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\259.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\qf6idzbd6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\qt4yninz6j.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\rgr37.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\sg0v9b.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\svchost .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\svchost.exe42 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\svchost.exe46 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\xddwdlgt.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\yvcz7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\zjhufhdfe.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\~TM11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\~TM13.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\~TM15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\~TMC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\~TME.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\ms1247105212 .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\ms1247105212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\o620stkm6.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\i33x4aumj3.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\install.48349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\jej2njidao.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\jgchemc.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn.exe40 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn.exe42 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn.exe43 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\kzyi9xdn.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\l0x9n0.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\l3one0o6nm.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\679.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\gwfaq.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\gx1hr0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\h76fi0obc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\963.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\a9g1ie0e0h.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\asa7hridf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\cn3mt1wj0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\taskmgr.exe42 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\umq3c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\umq3c.exe40 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\uungk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\305.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\377.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\430.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\494.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\611.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\663.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\PUO3HFD0\fcdzd[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\PUO3HFD0\aasuper1[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\PUO3HFD0\aasuper1[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\PUO3HFD0\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\PUO3HFD0\wfcdqr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\aasuper1[1].htm (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\fcdzd[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\vfcggulym[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\vfcggulym[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\wfcdqr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\wfcdqr[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\fcdzd[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\fivijnnboc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\fivijnnboc[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\fivijnnboc[3].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\flvjj[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\flvjj[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\flvjj[3].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\VDF1SP4T\flvjj[5].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\fivijnnboc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\pqz[2].exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\ccznrrs[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\vfcggulym[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\vfcggulym[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\XP887FUY\wfcdqr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\aasuper1[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\aasuper3[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\aasuper3[3].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\install.48349[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YAM4EU1D\wfcdqr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YWCVTHUU\fcdzd[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YWCVTHUU\preloader_9[1].exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YWCVTHUU\click[1].jpg (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YWCVTHUU\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\temporary internet files\Content.IE5\YWCVTHUU\loaderadv563[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\start menu\Programs\Startup\ihaupd32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\start menu\Programs\Startup\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe38 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe39 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe40 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe41 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe4899 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe50 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe52 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe53 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe57 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe37 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe38 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe40 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe46 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe4897 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe50 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe52 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\bmcmvehn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\exotbqqr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\hfqduxws.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\jgyntljf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\lurpwqiv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\oxxnwkfc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\pynckqot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\tcwjvyss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\vxkiisva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\wacissqx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\QooBox\quarantine\C\WINDOWS\system32\xbabwbkb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq .exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe44 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe46 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe47 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe48 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe59 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-4394000586-5477696287-464166432-2678\wnzip32.exe (Backdoor.SdBot) -> Delete on reboot.


Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 2

7/10/2009 4:08:04 PM
mbam-log-2009-07-10 (16-08-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175098
Time elapsed: 44 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dailybucks_install.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46c166aa-3108-11d4-9348-00c04f8eeb71}\inprocserver32\(default) (Hijack.Hnetcfg) -> Bad: (\\?\globalroot\systemroot\installer\149d5.msi) Good: (hnetcfg.dll) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g .exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g.exe46 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g.exe49 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g.exe51 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qgccrsj0ec9g.exe61 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s .exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s.exe52 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s.exe59 (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s.exe61 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s.exe70 (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN10.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN12.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BNA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BNB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BNC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BND.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BNE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BNF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ckxd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\local settings\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\BM63b544b5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\BM63b544b5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wilke\Local Settings\Temp\debug.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\Wilke\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Wilke\Local Settings\Temp\db.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\gklrwl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\illhtee.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

info.txt logfile of random's system information tool 1.06 2009-07-10 16:38:14

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
ACTIVstudio PE Help (GBR) v2.0.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D70793DC-06DB-4316-BFBF-F860302F069A}
ACTIVstudio PE Help (USA) v2.0.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8DB96305-6AB9-4F13-9EFC-337B8591886E}
ACTIVstudio Professional Edition v2.1.34-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B4D050BA-F0A6-4F57-A0AC-CDCE03EA9B62} /l1033
ACTIVstudio Resources (USA) v2.5.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A118956E-C109-4D0D-BE7F-EBA225B28269}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Cisco Clean Access Agent-->MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Docking Station-->C:\Program Files\Docking Station\InstallBlast.exe --uninstall
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
eBook: Elementary Education Curriculum, Instruction and Assessment Study Guide, 2nd Edition-->MsiExec.exe /X{B0324B10-848F-4061-A345-3585284955A7}
eBook: Principles of Learning and Teaching (PLT)-->MsiExec.exe /X{7490CF08-A332-42D3-BD01-47F77556066C}
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LEGO Digital Designer-->C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PANTECH PC USB Modem Software-->C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: pmnolji - pmnolji.dll (file missing) [2008-03-01]
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file) [2008-03-01]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2008-03-01]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: GEVIN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E4C753867. The following
error occurred:
An operation was attempted on something that is not a socket.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 33285
Source Name: Dhcp
Time Written: 20090611075008.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1002
Message: The IP address lease 10.119.30.141 for the Network Card with network address 001E4C753867 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 33263
Source Name: Dhcp
Time Written: 20090610171407.000000-240
Event Type: error
User:

Computer Name: GEVIN
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{F0687F40-F7AA-42C7-9FF5-9FE9FFA2614B}.

Record Number: 33243
Source Name: Server
Time Written: 20090610084450.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001E4C753867. The IP address being used is 169.254.33.4.

Record Number: 33242
Source Name: Dhcp
Time Written: 20090610084441.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E4C753867. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 33241
Source Name: Dhcp
Time Written: 20090610084439.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4255
Source Name: Google Update
Time Written: 20090321205236.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4248
Source Name: Google Update
Time Written: 20090321125137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4247
Source Name: Google Update
Time Written: 20090320220127.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4246
Source Name: Google Update
Time Written: 20090320210130.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4245
Source Name: Google Update
Time Written: 20090320200131.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-10 16:38:14

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
ACTIVstudio PE Help (GBR) v2.0.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D70793DC-06DB-4316-BFBF-F860302F069A}
ACTIVstudio PE Help (USA) v2.0.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8DB96305-6AB9-4F13-9EFC-337B8591886E}
ACTIVstudio Professional Edition v2.1.34-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B4D050BA-F0A6-4F57-A0AC-CDCE03EA9B62} /l1033
ACTIVstudio Resources (USA) v2.5.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A118956E-C109-4D0D-BE7F-EBA225B28269}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Cisco Clean Access Agent-->MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Docking Station-->C:\Program Files\Docking Station\InstallBlast.exe --uninstall
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
eBook: Elementary Education Curriculum, Instruction and Assessment Study Guide, 2nd Edition-->MsiExec.exe /X{B0324B10-848F-4061-A345-3585284955A7}
eBook: Principles of Learning and Teaching (PLT)-->MsiExec.exe /X{7490CF08-A332-42D3-BD01-47F77556066C}
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LEGO Digital Designer-->C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PANTECH PC USB Modem Software-->C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: pmnolji - pmnolji.dll (file missing) [2008-03-01]
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file) [2008-03-01]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2008-03-01]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: GEVIN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E4C753867. The following
error occurred:
An operation was attempted on something that is not a socket.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 33285
Source Name: Dhcp
Time Written: 20090611075008.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1002
Message: The IP address lease 10.119.30.141 for the Network Card with network address 001E4C753867 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 33263
Source Name: Dhcp
Time Written: 20090610171407.000000-240
Event Type: error
User:

Computer Name: GEVIN
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{F0687F40-F7AA-42C7-9FF5-9FE9FFA2614B}.

Record Number: 33243
Source Name: Server
Time Written: 20090610084450.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001E4C753867. The IP address being used is 169.254.33.4.

Record Number: 33242
Source Name: Dhcp
Time Written: 20090610084441.000000-240
Event Type: warning
User:

Computer Name: GEVIN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E4C753867. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 33241
Source Name: Dhcp
Time Written: 20090610084439.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4255
Source Name: Google Update
Time Written: 20090321205236.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4248
Source Name: Google Update
Time Written: 20090321125137.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4247
Source Name: Google Update
Time Written: 20090320220127.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4246
Source Name: Google Update
Time Written: 20090320210130.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GEVIN
Event Code: 20
Message:
Record Number: 4245
Source Name: Google Update
Time Written: 20090320200131.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\

-----------------EOF-----------------

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-10 18:06:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\11c7f9e1.sys ZwCreateEvent [0xB8F770AD]
SSDT \SystemRoot\System32\drivers\11c7f9e1.sys ZwCreateKey [0xB8F75185]
SSDT \SystemRoot\System32\drivers\11c7f9e1.sys ZwOpenKey [0xB8F75245]

Code 8A872500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? elbs.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\drivers\8c358e8e.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\6d50f76d.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\4a3c0cef.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\2f141943.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\11c7f9e1.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\winlogon.exe[744] C:\WINDOWS\system32\winlogon.exe section is executable [0x01076000, 0xB000, 0x60000060]
.rsrc C:\WINDOWS\system32\winlogon.exe[744] C:\WINDOWS\system32\winlogon.exe entry point in ".rsrc" section [0x01080000]
.rsrc C:\WINDOWS\system32\services.exe[788] C:\WINDOWS\system32\services.exe section is executable [0x0101C000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\services.exe[788] C:\WINDOWS\system32\services.exe entry point in ".rsrc" section [0x0101D000]
.rsrc C:\WINDOWS\system32\svchost.exe[996] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[996] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1064] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1064] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\System32\svchost.exe[1096] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\System32\svchost.exe[1096] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1296] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1348] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1348] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.reloc C:\WINDOWS\Explorer.EXE[1576] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x5000, 0x62000060]
.reloc C:\WINDOWS\Explorer.EXE[1576] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FF000]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 11c7f9e1.sys
Device \Driver\NDIS \Device\Ndis [8A84C982] NDIS.sys[.reloc]
Device \Driver\Tcpip \Device\Ip 11c7f9e1.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp 11c7f9e1.sys
Device \Driver\Tcpip \Device\Udp 11c7f9e1.sys
Device \Driver\Tcpip \Device\RawIp 11c7f9e1.sys
Device \Driver\Tcpip \Device\IPMULTICAST 11c7f9e1.sys
Device \FileSystem\Fastfat \Fat B3DA1C8A
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\11c7f9e1.sys (*** hidden *** ) [SYSTEM] 11c7f9e1 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\2f141943.sys (*** hidden *** ) [SYSTEM] 2f141943 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\4a3c0cef.sys (*** hidden *** ) [SYSTEM] 4a3c0cef <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\6d50f76d.sys (*** hidden *** ) [SYSTEM] 6d50f76d <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\8c358e8e.sys (*** hidden *** ) [SYSTEM] 8c358e8e <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\11c7f9e1@ImagePath \SystemRoot\System32\drivers\11c7f9e1.sys
Reg HKLM\SYSTEM\controlset002\Services\11c7f9e1@Type 1
Reg HKLM\SYSTEM\controlset002\Services\11c7f9e1@Start 1
Reg HKLM\SYSTEM\controlset002\Services\11c7f9e1@ErrorControl 1
Reg HKLM\SYSTEM\controlset002\Services\11c7f9e1@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset002\Services\2f141943@ImagePath \SystemRoot\System32\drivers\2f141943.sys
Reg HKLM\SYSTEM\controlset002\Services\2f141943@Type 1
Reg HKLM\SYSTEM\controlset002\Services\2f141943@Start 1
Reg HKLM\SYSTEM\controlset002\Services\2f141943@ErrorControl 1
Reg HKLM\SYSTEM\controlset002\Services\2f141943@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset002\Services\4a3c0cef@ImagePath \SystemRoot\System32\drivers\4a3c0cef.sys
Reg HKLM\SYSTEM\controlset002\Services\4a3c0cef@Type 1
Reg HKLM\SYSTEM\controlset002\Services\4a3c0cef@Start 1
Reg HKLM\SYSTEM\controlset002\Services\4a3c0cef@ErrorControl 1
Reg HKLM\SYSTEM\controlset002\Services\4a3c0cef@F96ZK6nPB YmluZGVyeXNlcnZpY2UubW9iaQ==
Reg HKLM\SYSTEM\controlset002\Services\6d50f76d@ImagePath \SystemRoot\System32\drivers\6d50f76d.sys
Reg HKLM\SYSTEM\controlset002\Services\6d50f76d@Type 1
Reg HKLM\SYSTEM\controlset002\Services\6d50f76d@Start 1
Reg HKLM\SYSTEM\controlset002\Services\6d50f76d@ErrorControl 1
Reg HKLM\SYSTEM\controlset002\Services\8c358e8e@ImagePath \SystemRoot\System32\drivers\8c358e8e.sys
Reg HKLM\SYSTEM\controlset002\Services\8c358e8e@Type 1
Reg HKLM\SYSTEM\controlset002\Services\8c358e8e@Start 1
Reg HKLM\SYSTEM\controlset002\Services\8c358e8e@ErrorControl 1
Reg HKLM\SYSTEM\controlset002\Services\8c358e8e@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\CurrentControlSet\Services\11c7f9e1@ImagePath \SystemRoot\System32\drivers\11c7f9e1.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\11c7f9e1@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\11c7f9e1@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\11c7f9e1@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\11c7f9e1@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\CurrentControlSet\Services\2f141943@ImagePath \SystemRoot\System32\drivers\2f141943.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\2f141943@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\2f141943@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\2f141943@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\2f141943@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\CurrentControlSet\Services\4a3c0cef@ImagePath \SystemRoot\System32\drivers\4a3c0cef.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4a3c0cef@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4a3c0cef@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4a3c0cef@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4a3c0cef@F96ZK6nPB YmluZGVyeXNlcnZpY2UubW9iaQ==
Reg HKLM\SYSTEM\CurrentControlSet\Services\6d50f76d@ImagePath \SystemRoot\System32\drivers\6d50f76d.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\6d50f76d@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\6d50f76d@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\6d50f76d@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\8c358e8e@ImagePath \SystemRoot\System32\drivers\8c358e8e.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\8c358e8e@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\8c358e8e@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\8c358e8e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\8c358e8e@F96ZK6nPB YWR2YW50YXN0YXIudXM=

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys (size mismatch) 182656/182912 bytes executable
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212480/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212480/182912 bytes executable

---- EOF - GMER 1.0.15 ----

#7 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts

Posted 10 July 2009 - 05:33 PM

Quick note... my wireless won't work on the laptop, so I put the log files on a flash drive, transferred them to my home PC, and posted from my home PC, which is now also infected. =/ It's doing the exact same things. My life sucks.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 10 July 2009 - 11:58 PM

Wow... That computer has a very nice amount of juice (malware) that I love to play with :thumbup2:

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic, if you ever want to use ComboFix, please have a look at the tutorial below.. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts

Posted 11 July 2009 - 08:39 AM

OK, trying to get the files to download. Another note... it takes roughly 10 minutes for the laptop to boot to the desktop. I also ran the comedian on my desktop that got infected via flash drive (from the laptop) and was then able to do a system restore... it seems to have done the trick. No error messages yet. I'll post new logs from the laptop when I get them. Thanks for your help.

Edited by Azendel, 11 July 2009 - 08:44 AM.


#10 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts

Posted 11 July 2009 - 09:13 AM

ComboFix 09-07-09.08 - Wilke 07/11/2009 9:48.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1707 [GMT -4:00]
Running from: c:\documents and settings\Wilke\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\93527806.ini
c:\documents and settings\Wilke\nah_dqxb .exe
c:\documents and settings\Wilke\nah_log.dat
c:\recycler\S-1-5-21-4394000586-5477696287-464166432-2678
c:\windows\Installer\111be.msi
c:\windows\Installer\11db4.msi
c:\windows\Installer\133ec.msi
c:\windows\Installer\140cd.msi
c:\windows\Installer\149d5.msi
c:\windows\Installer\14a04.msi
c:\windows\Installer\14ec7.msi
c:\windows\Installer\14fff.msi
c:\windows\system32\405345.exe
c:\windows\system32\drivers\11c7f9e1.sys
c:\windows\system32\drivers\2f141943.sys
c:\windows\system32\drivers\440670e3.sys
c:\windows\system32\drivers\4a3c0cef.sys
c:\windows\system32\drivers\69a9b002.sys
c:\windows\system32\drivers\6d50f76d.sys
c:\windows\system32\drivers\85c4dc5b.sys
c:\windows\system32\drivers\8c358e8e.sys
c:\windows\system32\drivers\8fb9d424.sys
c:\windows\system32\drivers\b2170ff0.sys

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_avast!antivirus
-------\Legacy_fips32cup
-------\Legacy_netsik
-------\Legacy_ws2_32sik
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_11c7f9e1
-------\Service_2f141943
-------\Service_4a3c0cef
-------\Service_6d50f76d
-------\Service_8c358e8e


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 13:53 . 2004-08-04 11:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-11 13:53 . 2004-08-04 11:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-10 20:38 . 2009-07-10 20:38 -------- d-----w- C:\rsit
2009-07-10 00:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 00:36 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 00:13 . 2009-07-10 00:13 -------- d-----w- c:\program files\ERUNT
2009-07-09 02:08 . 2009-07-09 02:08 13312 ---ha-w- c:\documents and settings\Wilke\ixya.exe
2009-07-09 02:07 . 2009-07-10 00:19 0 ----a-w- c:\windows\system32\drivers\6630ec78.sys
2009-07-09 01:55 . 2009-07-09 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-08 00:05 . 2009-07-08 00:33 -------- d-----w- c:\program files\DeskMates
2009-07-05 19:04 . 2009-07-05 19:04 -------- d-----w- c:\documents and settings\Wilke\Application Data\dvdcss
2009-06-30 18:42 . 2009-06-30 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-30 02:12 . 2009-06-30 21:08 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-24 20:16 . 2009-06-24 20:16 -------- d-----w- c:\program files\Paint.NET
2009-06-24 20:16 . 2009-06-30 01:45 -------- d-----w- c:\documents and settings\Wilke\Local Settings\Application Data\Paint.NET
2009-06-24 19:27 . 2009-06-24 19:27 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 19:27 . 2009-06-24 19:27 -------- d-----w- c:\documents and settings\Wilke\Local Settings\Application Data\Mozilla
2009-06-24 01:46 . 2009-06-24 01:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-24 01:45 . 2009-06-24 01:45 152576 ----a-w- c:\documents and settings\Wilke\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-23 00:47 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Wilke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-23 00:47 . 2009-06-23 00:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-23 00:46 . 2009-06-23 00:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-23 00:46 . 2009-06-23 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-23 00:46 . 2009-06-23 00:52 -------- d-----w- c:\program files\NOS
2009-06-12 17:49 . 2009-06-12 17:49 -------- d-----w- C:\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 19:35 . 2008-01-14 20:08 49832 ----a-w- c:\documents and settings\Wilke\Application Data\wklnhst.dat
2009-07-10 03:02 . 2008-01-18 00:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-10 00:37 . 2008-03-25 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 02:09 . 2004-08-10 18:51 212480 -c--a-w- c:\windows\system32\drivers\ndis.sys
2009-07-09 01:53 . 2008-01-10 23:04 211231 ----a-w- c:\windows\system32\nvModes.dat
2009-07-09 01:52 . 2008-09-07 19:33 -------- d-----w- c:\documents and settings\Wilke\Application Data\SPORE
2009-07-06 18:44 . 2008-01-10 23:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-30 01:40 . 2008-02-21 21:38 -------- d-----w- c:\program files\iWin.com Games
2009-06-30 01:38 . 2008-01-10 23:27 -------- d-----w- c:\program files\Google
2009-06-30 01:38 . 2009-05-09 19:39 -------- d-----w- c:\program files\Flash Effect SiteBuilder
2009-06-24 20:15 . 2008-01-14 17:08 58072 -c--a-w- c:\documents and settings\Wilke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 01:46 . 2008-01-10 23:17 -------- d-----w- c:\program files\Java
2009-06-23 00:48 . 2008-01-10 23:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 00:43 . 2008-01-10 23:31 -------- d-----w- c:\program files\MSECache
2009-06-11 11:50 . 2009-02-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-10 21:46 . 2009-06-10 21:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-09 15:04 . 2008-01-14 20:09 -------- d-----w- c:\documents and settings\Wilke\Application Data\Template
2009-06-04 19:12 . 2008-01-14 17:52 -------- d-----w- c:\program files\World of Warcraft
2009-05-28 21:49 . 2009-05-28 21:47 -------- d-----w- c:\program files\ETS
2009-05-28 21:49 . 2009-05-28 21:45 -------- d-----w- c:\documents and settings\Wilke\Application Data\GetRightToGo
2009-05-07 15:44 . 2004-08-10 18:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2004-08-10 18:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-10 18:51 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 18:51 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 11:00 17408 CA51D5D3A5DB3ACD13BEEA5E62671D6C c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 11:00 506368 4B499836DF75BAB6AFB9B296146B4CF1 c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2009-07-09 02:09 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 c:\windows\system32\dllcache\ndis.sys
[-] 2009-07-09 02:09 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 c:\windows\system32\drivers\ndis.sys

[-] 2007-06-13 10:23 1035776 086CAD1C0FCFB2AC3DF6267189A5E235 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2009-02-06 10:22 113152 61199046A4EC54F22A3E7F5E1F73E957 c:\windows\system32\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 11:00 14848 DE7F99439FAE6C54B51AB023D441DF2C c:\windows\system32\lsass.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-10 23:53 58880 8EDADE301C620C0C31738BCEAEC764ED c:\windows\system32\spoolsv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-02-29 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]

c:\documents and settings\Wilke\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [6/17/2008 4:28 PM 7072]
S1 6630ec78;6630ec78;c:\windows\system32\drivers\6630ec78.sys [7/8/2009 10:07 PM 0]
S2 gupdate1c98d719e2479c2;Google Update Service (gupdate1c98d719e2479c2);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 8:25 PM 133104]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [1/15/2008 7:20 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [1/15/2008 7:20 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [1/15/2008 7:20 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [1/15/2008 7:20 PM 59520]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:25]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:25]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SSODL-LJahrLITx-{60867787-CA2C-DD2D-C357-1ABE79D93E95} - c:\windows\system32\vuvn.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=5nMMnMSypzYU763wFjyTdarNLP0
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Wilke\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Wilke\Application Data\Mozilla\Firefox\Profiles\jkqs97iw.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 10:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1500592501-1384178667-1691300321-1006\Software\SecuROM\License information*]
"datasecu"=hex:62,b7,45,98,79,ca,5e,9a,d0,f7,cc,f5,a7,97,20,66,5a,72,28,5a,3f,
57,be,04,a8,e7,7c,b1,0c,4a,57,32,e2,d2,64,23,2b,a9,a8,bb,f1,dd,f8,6a,83,f2,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-11 10:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 14:04
ComboFix2.txt 2008-03-06 17:13
ComboFix3.txt 2008-03-05 18:33
ComboFix4.txt 2008-03-02 01:33
ComboFix5.txt 2009-07-11 13:47

Pre-Run: 105,401,155,584 bytes free
Post-Run: 105,418,993,664 bytes free

238 --- E O F --- 2009-06-12 17:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:19 AM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080110
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=5nMMnMSypzYU763wFjyTdarNLP0
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Wilke\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 1 missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1c98d719e2479c2) (gupdate1c98d719e2479c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5919 bytes

#11 Azendel
  • Topic Starter
  • Members
  • 26 posts

Posted 11 July 2009 - 09:15 AM

I couldn't download the Recovery Console because I can't get online with my laptop. Wireless seems to be disabled... the VZAccess (Verizon aircard) program won't open... argh. Thanks again for the help... hope we can fix this soon!

#12 Azendel
  • Topic Starter
  • Members
  • 26 posts

Posted 11 July 2009 - 09:25 AM

I reloaded my VZAccess program to try to get the internet working, and it keeps giving the same error when I try to run the program:
SMWAN
Windows sockets initialization failed.

So... I'll still have to post and transfer logs and programs through a PC to the laptop.

#13 fenzodahl512
  • Members
  • 6,738 posts

Posted 11 July 2009 - 09:32 AM

Do you use ActivStudio2 software or something similar?

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
6630ec78

File::
c:\documents and settings\Wilke\ixya.exe
c:\windows\system32\drivers\6630ec78.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
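The reason the helper's CFScript above targets the 6630ec78 driver rather than any of the other service lines in the ComboFix log is visible in the log itself: an S1 (system-start) kernel driver with a random-looking eight-hex-digit name, no description beyond that name, and a 0-byte file on disk. The following script, added here as an illustration and not part of the thread, ComboFix or fenzodahl512's instructions, parses service/driver lines in the format ComboFix prints them and flags entries that show those traits. It assumes the usual convention for that format (leading R = running, S = stopped, the digit is the Windows service start type, 0 = boot and 1 = system) and uses four lines copied from the log above as its sample input.

```python
import re

# Sample input: service/driver lines copied from the ComboFix log above.
# The 0-byte 6630ec78.sys entry is the one the helper's CFScript removes.
SAMPLE_LINES = r"""
R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [6/17/2008 4:28 PM 7072]
S1 6630ec78;6630ec78;c:\windows\system32\drivers\6630ec78.sys [7/8/2009 10:07 PM 0]
S2 gupdate1c98d719e2479c2;Google Update Service (gupdate1c98d719e2479c2);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 8:25 PM 133104]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [1/15/2008 7:20 PM 29952]
"""

# One ComboFix service line: <R|S><start> <name>;<description>;<path> [<date> <size>]
# Assumption: R/S is running/stopped and the digit is the service start type.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>[^\]]*?) (?P<size>\d+)\]$"
)


def parse_services(text):
    """Return a list of dicts, one per service/driver line that matches the format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything not in the service format
        d = m.groupdict()
        entries.append({
            "running": d["state"] == "R",
            "start": int(d["start"]),
            "name": d["name"],
            "desc": d["desc"].strip(),  # ComboFix sometimes leaves a trailing space
            "path": d["path"],
            "size": int(d["size"]),
        })
    return entries


def suspicious_reasons(entry):
    """Heuristics that separate the 6630ec78 entry from the legitimate ones."""
    reasons = []
    if entry["size"] == 0:
        reasons.append("zero-byte image on disk")
    if re.fullmatch(r"[0-9a-f]{8}", entry["name"]):
        reasons.append("random-looking hex service name")
    if (entry["start"] <= 1
            and entry["desc"] == entry["name"]
            and entry["path"].lower().endswith(".sys")):
        reasons.append("boot/system-start kernel driver with no description")
    return reasons


def triage(text):
    """Map each flagged service name to the list of reasons it was flagged."""
    flagged = {}
    for entry in parse_services(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name, "->", "; ".join(reasons))
```

Running it flags only 6630ec78, with all three reasons; ddnt is a start-type-2 driver that also carries no description, but a non-zero size and a non-hex name keep it below the threshold, which matches the helper leaving it alone. In a real triage these heuristics are a first pass for deciding what to look at, not a verdict on their own.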


#14 Azendel
  • Topic Starter
  • Members
  • 26 posts

Posted 11 July 2009 - 10:09 AM

ComboFix 09-07-09.08 - Wilke 07/11/2009 10:51.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1651 [GMT -4:00]
Running from: c:\documents and settings\Wilke\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilke\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Wilke\ixya.exe"
"c:\windows\system32\drivers\6630ec78.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wilke\ixya.exe
c:\windows\system32\drivers\6630ec78.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_6630ec78


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 14:22 . 2008-05-17 04:46 77824 ----a-w- c:\windows\system32\PTDUwmcp.dll
2009-07-11 13:53 . 2004-08-04 11:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-11 13:53 . 2004-08-04 11:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-10 20:38 . 2009-07-10 20:38 -------- d-----w- C:\rsit
2009-07-10 00:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 00:36 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 00:13 . 2009-07-10 00:13 -------- d-----w- c:\program files\ERUNT
2009-07-09 01:55 . 2009-07-09 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-08 00:05 . 2009-07-08 00:33 -------- d-----w- c:\program files\DeskMates
2009-07-05 19:04 . 2009-07-05 19:04 -------- d-----w- c:\documents and settings\Wilke\Application Data\dvdcss
2009-06-30 18:42 . 2009-06-30 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-30 02:12 . 2009-06-30 21:08 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-24 20:16 . 2009-06-24 20:16 -------- d-----w- c:\program files\Paint.NET
2009-06-24 20:16 . 2009-06-30 01:45 -------- d-----w- c:\documents and settings\Wilke\Local Settings\Application Data\Paint.NET
2009-06-24 19:27 . 2009-06-24 19:27 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 19:27 . 2009-06-24 19:27 -------- d-----w- c:\documents and settings\Wilke\Local Settings\Application Data\Mozilla
2009-06-24 01:46 . 2009-06-24 01:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-24 01:45 . 2009-06-24 01:45 152576 ----a-w- c:\documents and settings\Wilke\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-23 00:47 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Wilke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-23 00:47 . 2009-06-23 00:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-23 00:46 . 2009-06-23 00:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-23 00:46 . 2009-06-23 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-23 00:46 . 2009-06-23 00:52 -------- d-----w- c:\program files\NOS
2009-06-12 17:49 . 2009-06-12 17:49 -------- d-----w- C:\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 14:22 . 2008-01-15 23:20 -------- d-----w- c:\program files\PANTECH
2009-07-10 19:35 . 2008-01-14 20:08 49832 ----a-w- c:\documents and settings\Wilke\Application Data\wklnhst.dat
2009-07-10 03:02 . 2008-01-18 00:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-10 00:37 . 2008-03-25 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 02:09 . 2004-08-10 18:51 212480 -c--a-w- c:\windows\system32\drivers\ndis.sys
2009-07-09 01:53 . 2008-01-10 23:04 211231 ----a-w- c:\windows\system32\nvModes.dat
2009-07-09 01:52 . 2008-09-07 19:33 -------- d-----w- c:\documents and settings\Wilke\Application Data\SPORE
2009-07-06 18:44 . 2008-01-10 23:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-30 01:40 . 2008-02-21 21:38 -------- d-----w- c:\program files\iWin.com Games
2009-06-30 01:38 . 2008-01-10 23:27 -------- d-----w- c:\program files\Google
2009-06-30 01:38 . 2009-05-09 19:39 -------- d-----w- c:\program files\Flash Effect SiteBuilder
2009-06-24 20:15 . 2008-01-14 17:08 58072 -c--a-w- c:\documents and settings\Wilke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 01:46 . 2008-01-10 23:17 -------- d-----w- c:\program files\Java
2009-06-23 00:48 . 2008-01-10 23:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 00:43 . 2008-01-10 23:31 -------- d-----w- c:\program files\MSECache
2009-06-11 11:50 . 2009-02-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-10 21:46 . 2009-06-10 21:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-09 15:04 . 2008-01-14 20:09 -------- d-----w- c:\documents and settings\Wilke\Application Data\Template
2009-06-04 19:12 . 2008-01-14 17:52 -------- d-----w- c:\program files\World of Warcraft
2009-05-28 21:49 . 2009-05-28 21:47 -------- d-----w- c:\program files\ETS
2009-05-28 21:49 . 2009-05-28 21:45 -------- d-----w- c:\documents and settings\Wilke\Application Data\GetRightToGo
2009-05-07 15:44 . 2004-08-10 18:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2004-08-10 18:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-10 18:51 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 18:51 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 11:00 17408 CA51D5D3A5DB3ACD13BEEA5E62671D6C c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 11:00 506368 4B499836DF75BAB6AFB9B296146B4CF1 c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2009-07-09 02:09 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 c:\windows\system32\dllcache\ndis.sys
[-] 2009-07-09 02:09 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 c:\windows\system32\drivers\ndis.sys

[-] 2007-06-13 10:23 1035776 086CAD1C0FCFB2AC3DF6267189A5E235 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2009-02-06 10:22 113152 61199046A4EC54F22A3E7F5E1F73E957 c:\windows\system32\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 11:00 14848 DE7F99439FAE6C54B51AB023D441DF2C c:\windows\system32\lsass.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-10 23:53 58880 8EDADE301C620C0C31738BCEAEC764ED c:\windows\system32\spoolsv.exe

.
((((((((((((((((((((((((((((( SnapShot@2009-07-11_14.00.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 14:59 . 2009-07-11 14:59 16384 c:\windows\temp\Perflib_Perfdata_254.dat
+ 2004-08-10 18:51 . 2009-07-11 14:03 64602 c:\windows\system32\perfc009.dat
- 2004-08-10 18:51 . 2009-07-11 13:40 64602 c:\windows\system32\perfc009.dat
+ 2004-08-10 18:51 . 2009-07-11 14:03 408238 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2009-07-11 13:40 408238 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-02-29 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]

c:\documents and settings\Wilke\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [6/17/2008 4:28 PM 7072]
S2 gupdate1c98d719e2479c2;Google Update Service (gupdate1c98d719e2479c2);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 8:25 PM 133104]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [1/15/2008 7:20 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [1/15/2008 7:20 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [1/15/2008 7:20 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [1/15/2008 7:20 PM 59520]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:25]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=5nMMnMSypzYU763wFjyTdarNLP0
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Wilke\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Wilke\Application Data\Mozilla\Firefox\Profiles\jkqs97iw.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 11:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1500592501-1384178667-1691300321-1006\Software\SecuROM\License information*]
"datasecu"=hex:62,b7,45,98,79,ca,5e,9a,d0,f7,cc,f5,a7,97,20,66,5a,72,28,5a,3f,
57,be,04,a8,e7,7c,b1,0c,4a,57,32,e2,d2,64,23,2b,a9,a8,bb,f1,dd,f8,6a,83,f2,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-11 11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 15:04
ComboFix2.txt 2009-07-11 14:04
ComboFix3.txt 2008-03-06 17:13
ComboFix4.txt 2008-03-05 18:33
ComboFix5.txt 2009-07-11 14:48

Pre-Run: 105,362,542,592 bytes free
Post-Run: 105,327,722,496 bytes free

213 --- E O F --- 2009-06-12 17:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:58 AM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080110
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=5nMMnMSypzYU763wFjyTdarNLP0
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Wilke\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 1 missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Update Service (gupdate1c98d719e2479c2) (gupdate1c98d719e2479c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 5807 bytes

#15 Azendel

Azendel
  • Topic Starter

  • Members
  • 26 posts

Posted 11 July 2009 - 10:12 AM

Yeah, the ActivBoard software is pretty neat. I just got hired (yesterday actually!!!!) for a kindergarten class and will have a SMART Board. Looking forward to it.
