Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan/Hidden Processes. Topic from Am I infected?.


  • This topic is locked This topic is locked
8 replies to this topic

#1 SpiderGat

SpiderGat

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 13 July 2009 - 03:24 AM

Referred here from: http://www.bleepingcomputer.com/forums/t/240164/trojanhorsegeneric13atph-moved/ ~ OB

Hello my name is George.

4 days ago I was surfing the web and all of a sudden AVG went crazy saying I had several types of Trojans and an uploader. under a minute later AVG was taking a dirt nap -.- It didn't sense anything at all. Ran a scan, found 3 things, backdoor and trojan. Couldn't remove them. All of my anti-Virus programs were disabled. Some internet searches froze the computer. Even the program I use to compile levels I build in Call of Duty 4 was disabled I'm supposing because of the power to compile. Managed to scan with Mbam. Came up with nothing.. that was a red flag if anything. Used RootRepeal to make a log. Showed 2 hidden services. both located in windows\system32\drivers. One named hjgruidqqbleiw.sys, the other named UACudlbpbbswfbtdushf.sys Garmanma told me to use Root repeal to wipe those files. Did that, root repeal said it was successful. Restarted the computer. AVG actually started up, went wild with 14 infections, none of which it could touch. Was able to install and quick scan with Mbam followed by full scan. Came up with 14 infections in various areas. Registry, Combofix, Virmundofix, wall textures from level editors, etc... Clean them out, restarted and cleaned out the rest on boot. All seems ok so far but those hidden services are still there according to rootRepeal. No other symptoms though. Even the game level compiler I was using will start again. I was told to include the DDS logs. Here they are. Thanks in advance to whoever takes this one. I really appreciate your work. God Bless.

George





DDS (Ver_09-06-26.01) - NTFSx86
Run by George N. Cahill IV at 3:06:04.68 on Mon 07/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2599 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\U-ABIT\uGuru\uGuru.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\George N. Cahill IV\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [razer] c:\program files\razer\razerhid.exe
StartupFolder: c:\docume~1\george~1.cah\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\george~1.cah\applic~1\mozilla\firefox\profiles\1578lmsg.default\
FF - prefs.js: browser.startup.homepage - hxxp://obscuritymod.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\george n. cahill iv\application data\mozilla\firefox\profiles\1578lmsg.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\george n. cahill iv\desktop\odex ltd\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\documents and settings\george n. cahill iv\desktop\odex ltd\divx\divx web player\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-18 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-18 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-18 108552]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-18 14592]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-11 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298776]
S3 EG1064v2;NDIS5.1 Miniport Driver for Linksys EG1064v2 Instant Gigabit Network Adapter Families;c:\windows\system32\drivers\EG1064v2.sys [2009-4-6 171264]
S3 Memctl;Memctl;c:\program files\u-abit\flashmenu\MEMCTL.SYS [2008-5-18 4047]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [2009-5-18 606208]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-6-26 13225]
S3 XDva195;XDva195;\??\c:\windows\system32\xdva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva262;XDva262;\??\c:\windows\system32\xdva262.sys --> c:\windows\system32\XDva262.sys [?]

=============== Created Last 30 ================

2009-07-12 21:45 --d----- c:\windows\system32\NtmsData
2009-07-11 19:44 38,160 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 19:44 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-07-10 21:11 --d----- c:\documents and settings\george n. cahill iv\DoctorWeb
2009-07-10 00:25 93 -------- c:\windows\system32\hjgruirpafgixd.dat
2009-07-09 12:51 3,976,714 -------- c:\windows\system32\uactmp.db
2009-07-09 12:22 1,110,399 -------- c:\windows\system32\UACxkibnotfngtnaotyq.db
2009-07-09 12:22 310 -------- c:\windows\system32\UACamqfuigitusfyfgxo.dat
2009-07-09 12:21 282,049 -------- c:\windows\system32\hjgruiwybsrdtr.dat
2009-07-09 12:21 67,584 -------- c:\windows\system32\drivers\hjgruidqqbleiw.sys
2009-07-02 13:55 41,808 -------- c:\windows\system32\xfcodec.dll
2009-07-01 19:51 --d----- c:\program files\Lame for Audacity
2009-06-30 08:16 --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-26 17:54 53,248 -------- c:\windows\system32\razer.cpl
2009-06-26 17:54 13,225 -------- c:\windows\system32\drivers\Razerlow.sys
2009-06-15 12:30 8 -------- c:\windows\system32\nvModes.dat
2009-06-14 17:51 --d----- c:\program files\Activision
2009-06-13 20:14 --d----- c:\docume~1\george~1.cah\applic~1\TeamViewer
2009-06-13 18:06 --d----- c:\documents and settings\george n. cahill iv\temp
2009-06-13 14:23 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-13 14:23 --d----- c:\program files\DAEMON Tools Lite
2009-06-13 14:21 --d----- c:\docume~1\george~1.cah\applic~1\DAEMON Tools Lite

==================== Find3M ====================

2009-07-12 15:08 138,608 -------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-12 15:08 189,800 -------- c:\windows\system32\PnkBstrB.exe
2009-07-11 13:59 335,752 -------- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 08:16 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-06-13 14:21 721,904 -------- c:\windows\system32\drivers\sptd.sys
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-30 13:07 71,652 -------- c:\windows\DIIUnin.dat
2009-04-30 13:06 21,840 -------t c:\windows\system32\SIntfNT.dll
2009-04-30 13:06 17,212 -------t c:\windows\system32\SIntf32.dll
2009-04-30 13:06 12,067 -------t c:\windows\system32\SIntf16.dll
2009-04-30 12:57 94,208 -------- c:\windows\DIIUnin.exe
2009-04-30 12:57 2,829 -------- c:\windows\DIIUnin.pif
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-28 16:15 472,576 -------- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-07-27 09:01 22,328 a------- c:\docume~1\george~1.cah\applic~1\PnkBstrK.sys

============= FINISH: 3:06:24.57 ===============

PnkBstrk is PunkBuster, used for anti-cheating on many FPS games. LCDmon is for my G15 Logitech keyboard. Also, are Nvidia Omega Drivers potentially able to be used for bad since they aren't official? I know I probably have more to worry about elsewhere at the moment. I eagerly await a reply. I know you guys are backed up. See you soon. Hopefully not too late >.<

Attached Files


Edited by Orange Blossom, 14 July 2009 - 10:18 PM.


BC AdBot (Login to Remove)

 


#2 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 13 July 2009 - 01:30 PM

Also ran Mbam full scan last night as I wasn't comfortable just sitting around and letting whatever is still there stew. I was reading around the forums and saw that System restore got infected a lot. So i did the full scan and sure enough

c:\system volume information\_restore{99dcdd9d-c3dc-4d6e-b630-0ace326cdf91}\RP488\A0070593.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

Found a couple other things but that was the main one I was like O.O So yeah it only found 5 files infected that time. Had me delete them all and restart. All were successful according to Mbam. But I'm sure there are probably remnants somewhere. It also removed the quarantine from DoctorWeb >.<

c:\documents and settings\george n. cahill iv\doctorweb\quarantine\UACdwaxcteiciqgopmw0.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\george n. cahill iv\doctorweb\quarantine\UACdwaxcteiciqgopmw1.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\george n. cahill iv\doctorweb\quarantine\UACdwaxcteiciqgopmw2.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\george n. cahill iv\doctorweb\quarantine\UACdwaxcteiciqgopmwb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

So those look good. But those hidden services I was talking about still show up with RootRepeal.

Eagerly Awaiting.

EDIT: Also worth noting. Something is still keeping Mbam and SAS from updating/contacting their servers.
George

EDIT EDIT: Finished scan with SAS
Found: Rogue.Component/trace
Rootkit.Agent/Gen

Found infections in HKLM\software\Microsoft\94D42F42

also a generic tracking cookie. Seems every time I scan I find different things in different places. I really hope this thing isn't terrible and is just letting me think I have it slightly under control xD

Hello SpiderGat,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 13 July 2009 - 04:09 PM.


#3 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 13 July 2009 - 04:08 PM

AVG just randomly popped up with some trojans (generic.13) in my system restore files. I recently backed up my computer while infected. Could they be in there also? What should I do while waiting for help?

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 AM

Posted 23 July 2009 - 10:31 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#5 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 27 July 2009 - 03:41 PM

Hello Syler, sorry about taking so long to get back to you. Dealing with work and family reunion at the same time >.<

Here are the logs you requested, and thank you for taking my topic! Much appreciated!

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/27/2009 3:31:54 PM
mbam-log-2009-07-27 (15-31-54).txt

Scan type: Full Scan (C:\|H:\|X:\|)
Objects scanned: 392724
Time elapsed: 49 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\george n. cahill iv\local settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\george n. cahill iv\local settings\Temp\scanrwmoxe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\george n. cahill iv\local settings\Temp\db.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\hjgruidqqbleiw.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.06 (written by random/random)
Run by George N. Cahill IV at 2009-07-27 15:37:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 282 GB (59%) free of 477 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:37 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\U-ABIT\uGuru\uGuru.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\George N. Cahill IV\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\George N. Cahill IV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bleepingcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8714 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-24 1957888]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe []
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe [2006-09-05 497152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-30 1948440]
"Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2005-11-02 1110079]
"Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2005-11-02 188928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2005-11-22 221184]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2004-02-23 188416]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"razer"=C:\Program Files\Razer\razerhid.exe [2005-05-17 147456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"=C:\Program Files\U-ABIT\uGuru\uGuru.exe [2007-04-11 425984]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]

C:\Documents and Settings\George N. Cahill IV\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-30 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Documents and Settings\George N. Cahill IV\Desktop\Unreal Tournament 3\Binaries\UT3.exe"="C:\Documents and Settings\George N. Cahill IV\Desktop\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"I:\Xfire\Xfire.exe"="I:\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\George N. Cahill IV\Desktop\AMA\alice.exe"="C:\Documents and Settings\George N. Cahill IV\Desktop\AMA\alice.exe:*:Enabled:American McGee's Alice"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"I:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="I:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Microsoft Games\MechWarrior Mercenaries Downloadable Trial\MW4Mercs.exe"="C:\Program Files\Microsoft Games\MechWarrior Mercenaries Downloadable Trial\MW4Mercs.exe:*:Enabled:MechWarrior IV"
"C:\Program Files\ctivisionnn\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\ctivisionnn\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"I:\World of Warcraft\Repair.exe"="I:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"I:\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"="I:\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\George N. Cahill IV\Local Settings\Temp\Blizzard Launcher Temporary - 19fa09a8\Launcher.exe"="C:\Documents and Settings\George N. Cahill IV\Local Settings\Temp\Blizzard Launcher Temporary - 19fa09a8\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"I:\Copy of Activision\Call of Duty 4 - Modern Warfare\mp_tool.exe"="I:\Copy of Activision\Call of Duty 4 - Modern Warfare\mp_tool.exe:*:Enabled:mp_tool"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Steam\steamapps\rumshifter\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\rumshifter\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Drive I\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Drive I\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"X:\Battlefield 2\BF2.exe"="X:\Battlefield 2\BF2.exe:*:Enabled:BF2"
"X:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="X:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Drive I\Xfire\Xfire.exe"="C:\Drive I\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\George N. Cahill IV\Desktop\GAMES\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\George N. Cahill IV\Desktop\GAMES\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Documents and Settings\George N. Cahill IV\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\George N. Cahill IV\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype™"
"X:\Activision\Call of Duty 4 - Modern Warfare\mp_tool.exe"="X:\Activision\Call of Duty 4 - Modern Warfare\mp_tool.exe:*:Enabled:mp_tool"
"C:\Documents and Settings\George N. Cahill IV\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\George N. Cahill IV\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe"="C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7af8af1e-261d-11de-a15f-00508db685d1}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece0fb94-0429-11de-a144-00508db685d1}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-07-27 15:37:26 ----D---- C:\rsit
2009-07-21 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-21 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-21 03:00:28 ----A---- C:\WINDOWS\imsins.BAK
2009-07-21 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 13:52:37 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 13:52:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-13 13:52:29 ----D---- C:\Documents and Settings\George N. Cahill IV\Application Data\SUPERAntiSpyware.com
2009-07-12 21:45:35 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-11 20:06:34 ----A---- C:\RootRepeal report 07-11-09 (20-06-34).txt
2009-07-11 19:40:32 ----A---- C:\RootRepeal report 07-11-09 (19-40-32).txt
2009-07-11 19:34:39 ----A---- C:\RootRepeal report 07-11-09 (19-34-39).txt
2009-07-11 19:34:25 ----A---- C:\RootRepeal report 07-11-09 (19-34-25).txt
2009-07-11 14:05:06 ----A---- C:\RootRepeal report 07-11-09 (14-05-06).txt
2009-07-10 21:09:25 ----N---- C:\WINDOWS\ntbtlog.txt
2009-07-02 13:55:52 ----N---- C:\WINDOWS\system32\xfcodec.dll
2009-07-01 19:51:39 ----D---- C:\Program Files\Lame for Audacity
2009-06-30 08:16:48 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-28 00:36:02 ----A---- C:\commandlist.txt

======List of files/folders modified in the last 1 months======

2009-07-27 15:35:19 ----D---- C:\Program Files\Mozilla Firefox
2009-07-27 15:34:05 ----D---- C:\WINDOWS\Temp
2009-07-27 15:33:26 ----D---- C:\WINDOWS
2009-07-27 15:33:10 ----RD---- C:\Program Files
2009-07-27 15:33:10 ----D---- C:\WINDOWS\system32\drivers
2009-07-27 15:32:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-27 15:32:03 ----D---- C:\WINDOWS\Prefetch
2009-07-27 14:26:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-26 18:13:18 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-24 02:04:56 ----D---- C:\Documents and Settings\George N. Cahill IV\Application Data\Xfire
2009-07-21 03:01:53 ----HD---- C:\WINDOWS\inf
2009-07-21 03:01:53 ----D---- C:\WINDOWS\system32
2009-07-21 03:01:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-21 03:01:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 03:00:34 ----D---- C:\WINDOWS\Debug
2009-07-17 23:29:20 ----D---- C:\Program Files\Steam
2009-07-17 21:38:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 13:51:20 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-15 13:51:20 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-15 13:51:09 ----RSD---- C:\WINDOWS\assembly
2009-07-15 13:50:51 ----D---- C:\WINDOWS\system32\DirectX
2009-07-15 00:44:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-13 23:29:01 ----HD---- C:\$AVG8.VAULT$
2009-07-13 19:01:11 ----RASH---- C:\boot.ini
2009-07-13 19:01:11 ----D---- C:\WINDOWS\pss
2009-07-13 19:01:11 ----A---- C:\WINDOWS\win.ini
2009-07-13 19:01:11 ----A---- C:\WINDOWS\system.ini
2009-07-13 13:52:36 ----SHD---- C:\WINDOWS\Installer
2009-07-13 13:52:34 ----D---- C:\Config.Msi
2009-07-13 13:52:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-13 02:06:35 ----SHD---- C:\System Volume Information
2009-07-12 21:51:00 ----D---- C:\WINDOWS\repair
2009-07-12 21:50:47 ----D---- C:\WINDOWS\Registration
2009-07-12 21:45:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-11 22:05:04 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-09 20:32:20 ----D---- C:\Program Files\Internet Explorer
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-30 13:02:36 ----D---- C:\Documents and Settings\George N. Cahill IV\Application Data\OpenOffice.org2
2009-06-30 08:16:43 ----N---- C:\WINDOWS\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-11 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-30 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-13 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a4frs9be;a4frs9be; C:\WINDOWS\system32\drivers\a4frs9be.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dbustrcm;dbustrcm; \??\C:\DOCUME~1\GEORGE~1.CAH\LOCALS~1\Temp\dbustrcm.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EG1064v2;NDIS5.1 Miniport Driver for Linksys EG1064v2 Instant Gigabit Network Adapter Families; C:\WINDOWS\system32\DRIVERS\EG1064v2.sys [2003-08-12 171264]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 Memctl;Memctl; \??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\LineageII\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\C:\Program Files\LineageII\system\npkcusb.sys []
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\DELUSB_51.sys [2002-08-09 606208]
S3 Razerlow;Razerlow USB Filter Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 13225]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 Winflash;WINFLASH; \??\C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva195;XDva195; \??\C:\WINDOWS\system32\XDva195.sys []
S3 XDva262;XDva262; \??\C:\WINDOWS\system32\XDva262.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-28 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-11 907032]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-30 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-11-23 765952]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA-OMEGA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-15 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-26 189104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-07-27 15:37:38

======Uninstall list======

-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
abti uGuru-->C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\setup.exe -runfromtemp -l0x0009 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
American McGee's Alice™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
America's Army 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13140
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
ATMA V 5.05-->C:\PROGRA~1\ATMAV~1\Setup.exe /remove
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}\setup.exe" -l0x9 -removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Curse Client-->C:\Program Files\Curse\uninstall.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diskeeper Professional Premier Edition-->MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DivX Codec-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Documents and Settings\George N. Cahill IV\Desktop\ODEX Ltd\DIVX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Fraps-->"C:\Documents and Settings\George N. Cahill IV\Desktop\WoW addons\Fraps\uninstall.exe"
GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GoodMEM-->C:\Program Files\MSI\GoodMEM\Uninstal.exe
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5800-->msiexec /x{8FD66F0B-38FF-4834-88FF-56DC214A62ED}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Logitech G-series Keyboard Software-->MsiExec.exe /X{2FB418AB-562D-43B4-BA0D-9282AAD8C207}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapMage Demo-->MsiExec.exe /I{656C5F13-B547-49FA-8DCB-9DA60BC7A976}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSI Live-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\MSI Live\Uninst.isu"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Nvidia Omega Drivers v2.169.21 Setup Files-->"C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe" "/U:C:\Program Files\Nvidia Omega Drivers\v2.169.21\Omega Uninstall.xml"
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
PC Wizard 2008.1.871-->"C:\Program Files\PC Wizard 2008\unins000.exe"
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Prototype™-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Razer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\Setup.exe"
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VTFEdit 1.2.5-->"C:\Program Files\VTFEdit\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 )-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\uguru_347F83755F38F1570B602823E659DC5335F5A948\uguru.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{CBB6F775-E76E-49F7-98D3-1519414B1E4B}\setup.exe -runfromtemp -l0x0409

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: WINNERSINCLAIR
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\INVINC-12 on the network \Device\NetBT_Tcpip_{F310A5B2-5EE7-4ABF-99C2-4A2E02B7375F}.
The data is the error code.

Record Number: 32175
Source Name: BROWSER
Time Written: 20090630135603.000000-300
Event Type: warning
User:

Computer Name: WINNERSINCLAIR
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\INVISI-MEDIA on the network \Device\NetBT_Tcpip_{F310A5B2-5EE7-4ABF-99C2-4A2E02B7375F}.
The data is the error code.

Record Number: 32174
Source Name: BROWSER
Time Written: 20090630135459.000000-300
Event Type: warning
User:

Computer Name: WINNERSINCLAIR
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 31983
Source Name: W32Time
Time Written: 20090629015745.000000-300
Event Type: warning
User:

Computer Name: WINNERSINCLAIR
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 31982
Source Name: Tcpip
Time Written: 20090628222637.000000-300
Event Type: warning
User:

Computer Name: WINNERSINCLAIR
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 31681
Source Name: W32Time
Time Written: 20090627073558.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: WINNERSINCLAIR
Event Code: 1000
Message: Faulting application iw3mp.exe, version 0.0.0.0, faulting module iw3mp.exe, version 0.0.0.0, fault address 0x0027b8a4.

Record Number: 329
Source Name: Application Error
Time Written: 20080821235910.000000-300
Event Type: error
User:

Computer Name: WINNERSINCLAIR
Event Code: 1002
Message: Hanging application nvcplui.exe, version 1.5.2400.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 325
Source Name: Application Hang
Time Written: 20080819212855.000000-300
Event Type: error
User:

Computer Name: WINNERSINCLAIR
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.4669, faulting module unknown, version 0.0.0.0, fault address 0x017de66d.

Record Number: 321
Source Name: Application Error
Time Written: 20080815163943.000000-300
Event Type: error
User:

Computer Name: WINNERSINCLAIR
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.4669, faulting module unknown, version 0.0.0.0, fault address 0x03013a89.

Record Number: 316
Source Name: Application Error
Time Written: 20080815143422.000000-300
Event Type: error
User:

Computer Name: WINNERSINCLAIR
Event Code: 1517
Message: Windows saved user WINNERSINCLAIR\George N. Cahill IV registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 306
Source Name: Userenv
Time Written: 20080813164326.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 AM

Posted 27 July 2009 - 03:50 PM

Hello SpiderGat,

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 AM

Posted 31 July 2009 - 06:13 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 AM

Posted 10 August 2009 - 02:56 PM

Reopened at OP request.

unite.jpg


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 AM

Posted 18 August 2009 - 01:56 PM

Due to the lack of feedback this Topic is closed.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users