
smss.exe, pp10.exe, and h36kdzr.exe


  • This topic is locked
5 replies to this topic

#1 DrizztD

DrizztD

  • Members
  • 3 posts

Posted 14 July 2009 - 12:05 AM

My laptop had a severe case of multiple smss.exe running in my process manager. Both pp10.exe and h36kdzr.exe were also on my computer. I tried removing with HJT but I am new to the program (should have consulted this forum first). Currently my computer will minimize my full screen programs almost randomly, it will play random sound files that are not on my computer overlapping with the currently playing audio and the system seems to slowly crash, losing my ability to open programs until the point when the mouse pad will not work and I have to do a forced shutdown. The one error message that always pops up is that the ihaupd32.exe has crashed, immediately after start-up.

I greatly appreciate all the hard work you fine folks do for the rest of us.
Thank you.

Here is the DDS.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Thomas at 22:37:23.28 on Mon 07/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY .exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
svchost
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"C:\WINDOWS\system32\svchost.exe" 92869
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
svchost
C:\Documents and Settings\Thomas\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [pridl] "c:\documents and settings\thomas\application data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PC Security 2009] "c:\program files\pc_security2009\PC_Security2009.exe" /hide
StartupFolder: c:\documents and settings\thomas\start menu\programs\startup\ihaupd32.exe
StartupFolder: c:\docume~1\thomas\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\thomas\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\thomas\start menu\programs\startup\zqosys32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
AppInit_DLLs: ,c:\docume~1\thomas\locals~1\temp\192009218946mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thomas\applic~1\mozilla\firefox\profiles\12soqfp9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 LasMan;Local Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\common files\microsoft shared\speech\csvd.exe [2009-1-29 17238528]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2004-8-4 14336]

=============== Created Last 30 ================

2009-07-13 20:05 45 a------- c:\windows\system32\ca.dat
2009-07-13 19:44 1 a------- c:\windows\system32\q1.dat
2009-07-13 19:44 1 a------- c:\windows\system32\idm.dat
2009-07-13 19:44 1 a------- c:\windows\system32\ck.dat
2009-07-13 19:44 1 a------- c:\windows\system32\c2d.dat
2009-07-13 19:36 46,080 a------- c:\windows\system32\spnmld.dll
2009-07-13 19:36 142 a------- c:\windows\system32\rxf
2009-07-12 23:20 <DIR> --d----- c:\windows\pss
2009-07-12 20:44 1,096 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-12 20:41 7,848 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-12 20:40 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-07-12 20:39 <DIR> --d----- c:\program files\STOPzilla!
2009-07-12 20:39 <DIR> --d----- c:\program files\common files\iS3
2009-07-12 20:39 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-07-12 00:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 00:40 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 00:40 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-12 00:32 19,620 a------- c:\windows\kunisi.exe
2009-07-12 00:32 19,569 a------- c:\docume~1\alluse~1.win\applic~1\carukyfyge.pif
2009-07-12 00:32 19,299 a------- c:\windows\system32\wajagan._sy
2009-07-12 00:32 17,824 a------- c:\windows\enoluq.reg
2009-07-12 00:32 17,328 a------- c:\windows\hyxegizef.lib
2009-07-12 00:32 16,307 a------- c:\docume~1\alluse~1.win\applic~1\kivaxi.reg
2009-07-12 00:32 14,975 a------- c:\windows\system32\nekival.inf
2009-07-12 00:32 14,202 a------- c:\docume~1\thomas\applic~1\fyvidu.com
2009-07-12 00:32 13,762 a------- c:\docume~1\alluse~1.win\applic~1\ycoryxo.bin
2009-07-12 00:32 10,485 a------- c:\windows\myxuxohuwe.dll
2009-07-12 00:30 18,342 a------- c:\windows\system32\aweji.dl
2009-07-12 00:30 17,591 a------- c:\docume~1\alluse~1.win\applic~1\avekusomy.pif
2009-07-12 00:30 17,568 a------- c:\windows\system32\yxilepu.dl
2009-07-12 00:30 17,469 a------- c:\windows\icefi.sys
2009-07-12 00:30 17,206 a------- c:\program files\common files\ahip.dll
2009-07-12 00:30 17,112 a------- c:\program files\common files\ihexi.vbs
2009-07-12 00:30 16,089 a------- c:\program files\common files\nezet.bat
2009-07-12 00:30 14,313 a------- c:\windows\xazumiwy._dl
2009-07-12 00:30 14,299 a------- c:\program files\common files\nerekypese.scr
2009-07-12 00:30 13,624 a------- c:\windows\dahoduxis.com
2009-07-12 00:30 13,227 a------- c:\windows\ymatin.db
2009-07-12 00:30 12,750 a------- c:\windows\zoduz.dat
2009-07-12 00:30 12,037 a------- c:\windows\papasykuq.dl
2009-07-12 00:30 10,795 a------- c:\windows\aqevuxanul.ban
2009-07-12 00:30 10,495 a------- c:\windows\system32\qyrojo.dll
2009-07-12 00:30 10,043 a------- c:\windows\lybonyboso.vbs
2009-07-12 00:30 10,002 a------- c:\windows\bebuhyj.vbs
2009-07-12 00:29 <DIR> --d----- c:\program files\PC_Security2009
2009-07-12 00:29 238,596 a------- c:\windows\system32\wisdstr.exe
2009-07-12 00:29 <DIR> --d----- c:\program files\sFX
2009-07-12 00:29 15,360 a---h--- c:\windows\pp10 .exe
2009-07-12 00:29 25,600 a------- c:\windows\pp10.exe
2009-07-12 00:29 2 a------- c:\windows\0101120101464849.dat
2009-07-12 00:29 2 a------- c:\windows\010112010146118114.dat
2009-07-12 00:29 1 a------- c:\windows\934fdfg34fgjf23
2009-07-12 00:05 2,048 a------- C:\kpepb.exe
2009-07-12 00:05 24,576 a------- C:\egtau.exe
2009-07-12 00:05 25,600 a------- c:\windows\system32\braviax .exe
2009-07-11 21:29 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-10 00:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\98838586
2009-07-10 00:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\18828594
2009-07-10 00:27 91,852 a------- c:\windows\system32\drivers\19b43b3e.sys
2009-07-10 00:27 25,600 a------- C:\ciuge.exe
2009-07-10 00:27 705 a------- C:\clynbqef.exe
2009-07-10 00:27 201,016 a------- C:\lkrpk.exe
2009-07-10 00:27 56,320 a------- C:\eughafh.exe
2009-07-10 00:27 15,000 a------- c:\windows\system32\gsf83iujid.dll
2009-07-10 00:27 2 a------- C:\1009987828
2009-07-10 00:27 26,112 a------- c:\windows\ld12 .exe
2009-07-10 00:27 23,552 a------- c:\windows\ld12.exe
2009-07-09 21:12 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 00:12 <DIR> --d----- c:\docume~1\thomas\applic~1\Messenger
2009-07-09 00:11 110,619 a------- c:\windows\system32\net.net
2009-06-25 19:47 <DIR> --d----- c:\program files\Masc software
2009-06-25 19:21 533,838 a------- C:\AnalysisLog.sr0
2009-06-25 19:13 <DIR> --d----- c:\program files\Dr.Kawashima
2009-06-21 21:13 529 a------- c:\windows\eReg.dat
2009-06-19 15:30 552 a------- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2009-07-13 22:13 167,014 a------- c:\windows\system32\nvModes.dat
2009-07-12 20:33 25,600 a------- c:\windows\system32\wltray.exe
2009-07-12 00:32 16,756 a------- c:\program files\common files\hepapexi.lib
2009-07-12 00:32 11,259 a------- c:\program files\common files\vumohaxare.lib
2009-07-12 00:30 19,902 a------- c:\program files\common files\inotitamo.dl
2009-07-12 00:05 28,672 a------- c:\windows\system32\drivers\beep.sys
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-17 21:40 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-17 21:40 22,328 a------- c:\docume~1\thomas\applic~1\PnkBstrK.sys
2009-05-17 21:39 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-05-17 21:39 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-05-17 21:39 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 22:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 22:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-21 16:40 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:38:10.46 ===============


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 24 July 2009 - 06:25 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 DrizztD

DrizztD
  • Topic Starter

  • Members
  • 3 posts

Posted 26 July 2009 - 12:53 PM

Thank you for getting back to me.

I cannot run Malwarebytes for some reason. It acts like it starts to run but the program will not come up.


I did not say this in the last post because it is not suggested to repost, but my computer now does not open my programs in the CD drive and more often than not it will not start from a reboot. It gets up to the point of the logon screen but will not load.


Here are the RSIT logs

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas at 2009-07-26 11:42:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 120 GB (-9223372036854775807%) free of 236 GB
Total RAM: 2046 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:27 AM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thomas\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thomas.exe

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,C:\DOCUME~1\Thomas\LOCALS~1\Temp\192009218946mxx.dll,C:\WINDOWS\TEMP\642547812443mmx.dll
O23 - Service: Avira AntiVir Scheduler (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7304 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766b-9f49-4854-8034-f6ee26fcb1ec}]
ZILLAbar Browser Helper Object - C:\Program Files\STOPzilla!\SZSG.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6f74-2d53-2644-206d7942484f}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3215f20-3212-11d6-9f8b-00d0b743919d}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - C:\Program Files\STOPzilla!\SZSG.dll []
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset .exe [2007-05-14 1191936]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-07-25 25600]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-26 25600]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-12 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-12 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-08 136600]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-06-01 341312]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 25600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-25 39408]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342848]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-07-26 25600]
"HijackThis startup scan"=C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2009-07-09 396288]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-07-26 25600]

C:\Documents and Settings\Thomas\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\DOCUME~1\Thomas\LOCALS~1\Temp\192009218946mxx.dll,C:\WINDOWS\TEMP\642547812443mmx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Ring Factory\RingFactory.exe"="C:\Program Files\Ring Factory\RingFactory.exe:*:Enabled:Ring Factory 3.0"
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"="C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe"="C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X"
"C:\Program Files\Encore\Hoyle Card Games 2009\Hoyle Card Games.exe"="C:\Program Files\Encore\Hoyle Card Games 2009\Hoyle Card Games.exe:*:Enabled:Hoyle Card Games"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\malwarebytes\mbam.exe"="C:\Program Files\malwarebytes\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89dc76e9-3756-11dd-b9aa-806d6172696f}]
shell\autorun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce86a553-b1d6-11dd-a059-b8a7b193fd3d}]
shell\autorun\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e00746cf-f5b8-11dd-a0ce-001d09d3efc1}]
shell\AutoRun\command - I:\HoyleCardGames2009.exe


======List of files/folders created in the last 1 months======

2009-07-26 11:42:21 ----D---- C:\rsit
2009-07-26 11:11:27 ----D---- C:\Program Files\PowerISO
2009-07-21 12:50:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-21 12:50:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-21 12:33:47 ----D---- C:\Documents and Settings\Thomas\Application Data\WinPatrol
2009-07-21 12:33:40 ----D---- C:\Program Files\BillP Studios
2009-07-21 12:32:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-07-21 12:32:11 ----D---- C:\Program Files\SpywareBlaster
2009-07-21 12:22:24 ----D---- C:\WINDOWS\Minidump
2009-07-20 23:14:27 ----D---- C:\Program Files\Avira
2009-07-20 23:14:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-07-20 23:01:21 ----D---- C:\Program Files\malwarebytes
2009-07-20 23:01:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-17 20:24:18 ----A---- C:\WINDOWS\ld12.exe
2009-07-14 23:07:44 ----A---- C:\fwot.exe
2009-07-14 23:07:44 ----A---- C:\benfuse.exe
2009-07-13 19:36:29 ----A---- C:\WINDOWS\system32\spnmld.dll
2009-07-12 23:20:08 ----D---- C:\WINDOWS\pss
2009-07-12 20:40:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2009-07-12 20:39:52 ----D---- C:\Program Files\Common Files\iS3
2009-07-12 20:39:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-07-12 00:32:56 ----A---- C:\WINDOWS\myxuxohuwe.dll
2009-07-12 00:32:56 ----A---- C:\WINDOWS\kunisi.exe
2009-07-12 00:32:56 ----A---- C:\Documents and Settings\Thomas\Application Data\fyvidu.com
2009-07-12 00:30:07 ----A---- C:\WINDOWS\system32\qyrojo.dll
2009-07-12 00:30:07 ----A---- C:\WINDOWS\lybonyboso.vbs
2009-07-12 00:30:07 ----A---- C:\WINDOWS\dahoduxis.com
2009-07-12 00:30:07 ----A---- C:\WINDOWS\bebuhyj.vbs
2009-07-12 00:30:07 ----A---- C:\Program Files\Common Files\nezet.bat
2009-07-12 00:30:07 ----A---- C:\Program Files\Common Files\ihexi.vbs
2009-07-12 00:30:07 ----A---- C:\Program Files\Common Files\ahip.dll
2009-07-12 00:29:30 ----A---- C:\WINDOWS\system32\wisdstr.exe
2009-07-12 00:29:24 ----D---- C:\Program Files\sFX
2009-07-12 00:29:18 ----AH---- C:\WINDOWS\pp10 .exe
2009-07-12 00:29:18 ----A---- C:\WINDOWS\pp10.exe
2009-07-12 00:05:23 ----A---- C:\kpepb.exe
2009-07-12 00:05:22 ----A---- C:\egtau.exe
2009-07-12 00:05:20 ----A---- C:\WINDOWS\system32\braviax .exe
2009-07-11 21:29:10 ----D---- C:\Program Files\Cobian Backup 9
2009-07-10 00:27:31 ----A---- C:\Documents and Settings\All Users.WINDOWS\Application Data\98838586.ini
2009-07-10 00:27:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\98838586
2009-07-10 00:27:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\18828594
2009-07-10 00:27:14 ----A---- C:\ciuge.exe
2009-07-10 00:27:11 ----A---- C:\clynbqef.exe
2009-07-10 00:27:06 ----A---- C:\WINDOWS\system32\gsf83iujid.dll
2009-07-10 00:27:06 ----A---- C:\lkrpk.exe
2009-07-10 00:27:06 ----A---- C:\eughafh.exe
2009-07-09 21:12:23 ----D---- C:\Program Files\Trend Micro
2009-07-09 00:12:58 ----D---- C:\Documents and Settings\Thomas\Application Data\Messenger
2009-07-05 15:20:51 ----D---- C:\Documents and Settings\Thomas\Application Data\Apple Computer

======List of files/folders modified in the last 1 months======

2009-07-26 11:41:18 ----D---- C:\Program Files\Mozilla Firefox
2009-07-26 11:39:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-26 11:39:33 ----D---- C:\WINDOWS\Temp
2009-07-26 11:39:33 ----D---- C:\WINDOWS\system32
2009-07-26 11:37:46 ----D---- C:\WINDOWS
2009-07-26 11:35:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 11:35:02 ----D---- C:\Documents and Settings\Thomas\Application Data\DNA
2009-07-26 11:21:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-26 11:21:22 ----D---- C:\Program Files\Windows Media Player
2009-07-26 11:21:18 ----D---- C:\Program Files\DNA
2009-07-26 11:11:27 ----RD---- C:\Program Files
2009-07-26 11:11:27 ----D---- C:\WINDOWS\system32\drivers
2009-07-25 13:28:18 ----A---- C:\WINDOWS\system32\wltray.exe
2009-07-24 14:13:11 ----D---- C:\Documents and Settings\Thomas\Application Data\BitTorrent
2009-07-21 13:17:36 ----SHD---- C:\WINDOWS\Installer
2009-07-21 13:17:36 ----D---- C:\Config.Msi
2009-07-21 13:17:35 ----RSD---- C:\WINDOWS\Fonts
2009-07-21 12:54:21 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-21 12:38:15 ----HD---- C:\WINDOWS\inf
2009-07-20 23:12:59 ----D---- C:\WINDOWS\WinSxS
2009-07-19 18:42:32 ----A---- C:\WINDOWS\system32\wltray.exe51
2009-07-19 16:35:32 ----A---- C:\WINDOWS\system32\wltray.exe55
2009-07-17 16:09:21 ----D---- C:\WINDOWS\Prefetch
2009-07-16 19:02:44 ----A---- C:\WINDOWS\system32\wltray.exe65
2009-07-15 23:30:54 ----A---- C:\WINDOWS\system32\wltray.exe53
2009-07-15 22:02:44 ----D---- C:\Documents and Settings
2009-07-14 22:16:50 ----A---- C:\WINDOWS\system32\wltray.exe60
2009-07-14 20:34:15 ----A---- C:\WINDOWS\system32\wltray.exe68
2009-07-12 23:25:26 ----SH---- C:\boot.ini
2009-07-12 23:25:26 ----A---- C:\WINDOWS\win.ini
2009-07-12 23:25:26 ----A---- C:\WINDOWS\system.ini
2009-07-12 20:46:53 ----D---- C:\Program Files\Common Files
2009-07-11 20:32:30 ----A---- C:\WINDOWS\system32\wltray.exe47
2009-07-10 01:03:48 ----A---- C:\WINDOWS\system32\wltray.exe54
2009-07-10 00:27:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-10 00:27:08 ----D---- C:\WINDOWS\system32\wbem
2009-07-09 21:56:02 ----SD---- C:\WINDOWS\Tasks
2009-07-09 21:53:35 ----D---- C:\Documents and Settings\Thomas\Application Data\SanDisk
2009-07-09 21:48:32 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-09 00:05:36 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-12 6345472]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-08 152984]
R2 LasMan;Local Connection Manager; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-12 163908]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-02 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 antivirschedulerservice;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 antivirservice;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
S2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
S2 RPCHE;Remote Procedure Call (RPCE); C:\Program Files\Common Files\Microsoft Shared\Speech\csvd.exe [2009-01-29 17238528]
S2 sfx;sfx; C:\WINDOWS\sySTEM32\SvchoSt.ExE [2008-04-13 14336]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-21 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-07-26 11:42:31

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
cs1300-->MsiExec.exe /I{250E60B4-BC85-45F9-9744-32A9EC5F0BA2}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Card Games-->C:\Program Files\Encore\Hoyle Card Games 2009\Uninstall.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.3.1 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\malwarebytes\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
STOPzilla-->MsiExec.exe /X{2EB5618E-E9CB-436A-841E-E68767E63A01}
Sudoku Deluxe-->MsiExec.exe /X{FF0F8E63-36EC-4180-8DF2-0F3CE3D91966}
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)-->"C:\Program Files\Wolfram Research\Mathematica\7.0\SystemFiles\UninstallFiles\Windows\unins000.exe"
Wolfram Notebook Indexer 2.0-->MsiExec.exe /I{C260343B-6282-42A2-939F-1FF7E503F608}

=====HijackThis Backups=====

O4 - HKCU\..\Run: [rcqfb8dbm3tpdrsetf594] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [b9s2enn1o75ixmdxhk4g3bi2ys] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKCU\..\Run: [] C:\DOCUME~1\Thomas\LOCALS~1\Temp\h36kdzr .exe [2009-07-11]
O4 - HKLM\..\Run: [PC Security 2009] "C:\Program Files\PC_Security2009\PC_Security2009.exe" /hide [2009-07-12]
O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\Thomas\Application Data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 [2009-07-12]
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll [2009-07-12]
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll [2009-07-12]
O2 - BHO: STOPzilla Browser Helper Object - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll [2009-07-12]
O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\Thomas\Application Data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 [2009-07-15]
O4 - HKLM\..\Run: [PC Security 2009] "C:\Program Files\PC_Security2009\PC_Security2009.exe" /hide [2009-07-16]
O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\Thomas\Application Data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 [2009-07-16]
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe [2009-07-16]
O20 - AppInit_DLLs: ,C:\DOCUME~1\Thomas\LOCALS~1\Temp\192009218946mxx.dll [2009-07-16]
O4 - Startup: zqosys32.exe [2009-07-16]
O4 - Startup: ihaupd32.exe [2009-07-16]
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe [2009-07-17]
O2 - BHO: STOPzilla Browser Helper Object - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing) [2009-07-19]
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing) [2009-07-19]
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll (file missing) [2009-07-19]
O20 - AppInit_DLLs: ,C:\DOCUME~1\Thomas\LOCALS~1\Temp\192009218946mxx.dll [2009-07-19]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: ELEMENT
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 3922
Source Name: Service Control Manager
Time Written: 20090709215609.000000-360
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 3919
Source Name: Service Control Manager
Time Written: 20090709215609.000000-360
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 3916
Source Name: Service Control Manager
Time Written: 20090709215609.000000-360
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 3913
Source Name: Service Control Manager
Time Written: 20090709215609.000000-360
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 3910
Source Name: Service Control Manager
Time Written: 20090709215609.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: ELEMENT
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 1250
Source Name: LoadPerf
Time Written: 20090206113922.000000-420
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 1243
Source Name: LoadPerf
Time Written: 20090204173703.000000-420
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 1242
Source Name: LoadPerf
Time Written: 20090204173703.000000-420
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 1236
Source Name: LoadPerf
Time Written: 20090204154844.000000-420
Event Type: error
User:

Computer Name: ELEMENT
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 1235
Source Name: LoadPerf
Time Written: 20090204154844.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 DrizztD

DrizztD
  • Topic Starter

  • Members
  • 3 posts

Posted 26 July 2009 - 02:22 PM

I renamed malwarebytes to get it to work.

Here is the mbam log.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/26/2009 1:09:52 PM
mbam-log-2009-07-26 (13-09-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 263581
Time elapsed: 46 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 9
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 163

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Thomas\Local Settings\Temp\192009218946mxx.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dailybucks_install.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.48349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sfx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sfx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sfx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHE (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Security2009 (Rogue.PCSecurity2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmpnscfg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spybotsd teatimer (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\broadcom wireless manager ui (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winpatrol (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pwrisovm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Thomas\Local Settings\Temp\192009218946mxx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\Windows Media Player\wmpnscfg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Spybot - Search & Destroy\teatimer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wltray.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Synaptics\SynTP\syntpenh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\PowerISO\pwrisovm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\benfuse.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\ciuge.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\clynbqef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\egtau.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\eughafh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\fwot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\lkrpk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\18828594\18828594 .exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\18828594\18828594.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\98838586\98838586 .exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\98838586\98838586.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\1941323482.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\1989760982.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\2051792232.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\2111948482.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\3202159246.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\37.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\3933049524.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\565807510.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\cemwaxosrn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\dailybucks_install.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\db.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\debug.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\install.48349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\installb[2].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\login.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\notepad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\oesacwxmrn.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\tdl6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\winamp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\winlogon .exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\zjhufhdfe.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\~TM18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\~TM3D.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\~TM7.tmp (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\local settings\Temp\~TME.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\lgbtiopd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\lpbeykct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\myngtwnc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\sfwxipxp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\wqpkrhum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\Temp\yijvjqpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\temporary internet files\Content.IE5\0TUR09AR\h8vr[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\temporary internet files\Content.IE5\CEYR04SO\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\temporary internet files\Content.IE5\EMGCTG4P\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\thomas ostdiek\local settings\temporary internet files\Content.IE5\O5YNOX2R\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\program files\billp studios\winpatrol\winpatrol .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Dell\QuickSet\quickset.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe41 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe42 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe45 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe48 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe51 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe54 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\sFX\SfX.DlL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe52 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe53 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe54 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe48 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe49 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe50 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe52 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe54 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\synaptics\SynTP\syntpenh.exe57 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090716-194353-107-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090716-194353-314-ihaupd32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe39 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe44 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe45 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe46 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe48 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe49 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe50 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe53 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe54 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe57 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe62 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\windows media player\wmpnscfg.exe65 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP23\A0009616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP23\A0009617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP23\A0009618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP23\A0009619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP23\A0009759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP24\A0010568.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP24\A0010569.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP26\A0011692.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP26\A0011693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP27\A0011733.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP27\A0011734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP27\A0011735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP29\A0012849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP31\A0014144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP31\A0014185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0014375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0014380.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0014822.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0014823.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP32\A0015190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP33\A0015251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP33\A0015257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP33\A0015263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP33\A0015270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP33\A0015271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a0159a45-c77e-42cd-903a-74fc8a64fac4}\RP122\A0027236.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a0159a45-c77e-42cd-903a-74fc8a64fac4}\RP139\A0029661.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10 .exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\braviax .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe47 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe51 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe53 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe54 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe55 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe60 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe65 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wltray.exe68 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv711246736802 .exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv711246736802.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\Temp\wpv751245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c2d.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idm.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\q1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ck.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Thomas\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ca.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\kpepb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#5 syler

  • Malware Response Team

Posted 26 July 2009 - 05:28 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#6 syler

  • Malware Response Team

Posted 30 July 2009 - 06:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
