Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removal of Trojan.Patched.EL from laptop


  • This topic is locked This topic is locked
9 replies to this topic

#1 Ken Alonso

Ken Alonso

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Northern Virginia
  • Local time:02:59 PM

Posted 04 September 2009 - 02:33 PM

Hi!

i am new to this forum and am desperately trying to remove "Trojan.Patched.EL" from my computer. i am running XP Professional SP2 and found this trojan after doing a deep scan with BitDefender. After BitDefender could not de-infect, delete or quarantine the trojan, i decided to seek help here.

i have also tried to delete the wininet.dll AND kernel32.dll files in c:\windows\system32 directory in Safe Mode but when i tried that i get the following:

Error Deleting File or Folder" dialog box, which says: "Cannot delete kernal32: Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.

i downloaded AND ran DDS and have attached the log files to this post.

I am hoping someone knows how to remove this trojan.

thanks, ken

Attached Files

  • Attached File  DDS.zip   8.13KB   2 downloads


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 21 September 2009 - 02:40 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 25 September 2009 - 06:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 28 September 2009 - 06:25 AM

Topic reopened at OP request.

unite.jpg


#5 Ken Alonso

Ken Alonso
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Northern Virginia
  • Local time:02:59 PM

Posted 28 September 2009 - 03:53 PM

hi syler -

i did some things before my last post and wanted to list them here, as well as the log files.

in trying to repair my infected computer, i could no longer boot up in normal OR safe mode.

so, i started up recovery console from my DELL XP SP2 install disk and restored system files by doing:

1) made a new c:\window\system32\tmp folder at the c:\windows command prompt and typed the following COPY and DELETE commands:

copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

2) copied repair files in order to try to get Windows XP to boot by typing the following commands:

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\system\software c:\windows\system32\config\software
copy c:\windows\repair\system\sam c:\windows\system32\config\sam
copy c:\windows\repair\system\security c:\windows\system32\config\security
copy c:\windows\repair\system\default c:\windows\system32\config\default



the computer seem to boot up find in normal Windows mode but then, suddenly, a Windows Installer window popped up. So, i cancelled and ended the task in task manager. Then, several seconds later, i got a "STOP: c000021a {Fatal System Error}. The Windows SubSystem system process terminated unexpedtedly with a status of 0xc0000005 (Ox7c9106c3 0x0154f36c). The system has been shut down. Beginning dump of physical memory." message. However, i was now able to boot up once again in safe mode with command prompt AND safe mode.



next, i did the following in safe mode:

1) ran HostsXpert 4.2 and clicked "Restore MS Hosts File" and "Make Read Only" buttons.

2) ran ATF Cleaner and on Main screen chose "Select All" for "Select Files to Delete". Then, i clicked the "Empty Selected" button. Then, i went to the Firefox window and repeated the same steps.

3) ran a "Full Scan" in Malwarebytes' Anti-Malware program, which found one infected file. Here is the mbam-log:

Malwarebytes' Anti-Malware 1.40
Database version: 2708
Windows 5.1.2600 Service Pack 2 (Safe Mode)

9/27/2009 9:42:34 PM
mbam-log-2009-09-27 (21-42-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 491698
Time elapsed: 3 hour(s), 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmrgsnomyl (Trojan.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I then restarted in normal mode. The computer froze at the Windows XP logo screen with the status bar.

I went back into safe mode and ran ComboFix and when ComboFix restarted the machine i logged into windows in normal mode. The ComboFix blue pop up window appeared saying it was preparing the log file and not to start any programs. In another 30 seconds or so, again, i received the infamous blue screen of death with the same "STOP: c000021a Fatal System Error; The Windows SubSystem system process terminated unexpectedly . . ." message AND the dump of physical memory began as before.

After the dump, i booted up in safe mode and after running ComboFix a second time, it created the log file w/o restarting. I restarted in normal mode again AND again the same fatal system error.

Lastly, i restarted in Recovery Console and ran "chkdsk c: /r ". The results said it found and fixed one or more errors. I exited out of Recovery Console and had windows boot in normal mode. Once again, i received the c000021a Fatal System Error.




Now, per your request, i have run RSIT and posted the logs below:

Here is the LOG.TXT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ken Alonso at 2009-09-28 15:37:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 191 GB (82%) free of 233 GB
Total RAM: 3262 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:53 PM, on 9/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ken Alonso\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Ken Alonso.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\program files\cvs\cvs photo editor plus\corel photo downloader.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198266393265
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: activePDF Server (A4ACTIVEPDFSERVER) - activePDF, Inc. - C:\WINDOWS\system32\APSERVER.EXE
O23 - Service: activePDF DocConverter SystemOnly Launch (APDCSYSO) - Unknown owner - C:\WINDOWS\system32\APDCSYSO.EXE
O23 - Service: activePDF DocConverter (APDOCCONV) - activePDF, Inc. - C:\WINDOWS\system32\APDOCCNV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca0123c76228a4) (gupdate1ca0123c76228a4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: rpcnetp - Unknown owner - C:\WINDOWS\System32\rpcnetp.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12918 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - C:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2009-08-18 222656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-07 259696]
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - C:\Program Files\STOPzilla!\SZSG.dll [2009-08-18 259520]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-08-07 128832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-18 851968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-07-26 8466432]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-07-26 81920]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [2007-07-18 775952]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"QuickTime Task"=C:\program files\quicktime\qttask.exe [2009-05-26 413696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-08-24 1181064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-10 198160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-06-13 73728]
"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-08-26 68592]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-03 149280]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2009-08-13 1096192]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-08-06 64000]
"Corel Photo Downloader"=C:\program files\cvs\cvs photo editor plus\corel photo downloader.exe [2007-02-06 478800]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-07-17 405504]
"SRFirstRun"=rundll32 srclient.dll,CreateFirstRunRp []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-03 1228800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-30 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-08-26 68592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-18 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe"="C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe:*:Enabled:Microsoft SQL Server Management Studio Express"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Documents and Settings\Ken Alonso\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Ken Alonso\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-28 15:37:40 ----D---- C:\Program Files\trend micro
2009-09-28 15:37:39 ----D---- C:\rsit
2009-09-28 15:35:15 ----SHD---- C:\RECYCLER
2009-09-28 00:17:12 ----D---- C:\WINDOWS\temp
2009-09-28 00:17:10 ----A---- C:\ComboFix.txt
2009-09-28 00:06:07 ----D---- C:\Combo-Fix
2009-09-27 23:23:08 ----A---- C:\Boot.bak
2009-09-27 23:23:00 ----RASHD---- C:\cmdcons
2009-09-27 23:22:05 ----A---- C:\WINDOWS\zip.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\SWSC.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\SWREG.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\sed.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\PEV.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-27 23:22:05 ----A---- C:\WINDOWS\grep.exe
2009-09-27 23:20:58 ----D---- C:\WINDOWS\ERDNT
2009-09-27 21:51:51 ----D---- C:\Qoobox
2009-09-27 16:44:38 ----D---- C:\WINDOWS\Prefetch
2009-09-27 12:25:58 ----D---- C:\WINDOWS\tmp
2009-09-26 13:31:48 ----D---- C:\HostsXpert
2009-09-18 12:20:22 ----A---- C:\PE-Files.txt
2009-09-18 12:12:56 ----A---- C:\Win-Files.txt
2009-09-18 12:06:38 ----D---- C:\WINDOWS\Temporary Internet Files
2009-09-18 12:05:06 ----D---- C:\WINDOWS\Recent
2009-09-18 12:05:05 ----D---- C:\WINDOWS\History
2009-09-17 07:45:12 ----D---- C:\Program Files\DIFX
2009-09-17 07:44:48 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2009-09-17 07:44:48 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2009-09-17 06:31:11 ----RASH---- C:\BOOT.INI
2009-09-16 20:46:55 ----A---- C:\msicuu2.exe
2009-09-16 19:42:22 ----A---- C:\ICS_Dx32.exe
2009-09-16 19:29:07 ----D---- C:\WINDOWS\LastGood
2009-09-15 23:28:29 ----RA---- C:\WINDOWS\SET12A.tmp
2009-09-15 23:28:29 ----RA---- C:\WINDOWS\SET129.tmp
2009-09-15 23:28:10 ----RA---- C:\WINDOWS\SETEE.tmp
2009-09-15 23:28:06 ----RA---- C:\WINDOWS\SETE2.tmp
2009-09-15 23:28:04 ----RA---- C:\WINDOWS\SETDF.tmp
2009-09-15 22:48:02 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-09-15 22:47:41 ----D---- C:\Program Files\RegCure
2009-09-14 17:46:44 ----D---- C:\WINDOWS\system32\Profiles
2009-09-14 17:37:01 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
2009-09-14 17:37:01 ----A---- C:\WINDOWS\system32\wmpencen.dll
2009-09-14 17:37:01 ----A---- C:\WINDOWS\system32\Audiodev.dll
2009-09-14 17:36:57 ----A---- C:\WINDOWS\system32\wpdtrace.dll
2009-09-14 17:36:57 ----A---- C:\WINDOWS\system32\wpdsp.dll
2009-09-14 17:36:57 ----A---- C:\WINDOWS\system32\wpdmtpus.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wpdmtpdr.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wpdmtp.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wpdconns.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\wdfapi.dll
2009-09-14 17:36:56 ----A---- C:\WINDOWS\system32\uwdf.exe
2009-09-14 17:36:53 ----A---- C:\WINDOWS\system32\WMVADVE.DLL
2009-09-14 17:36:53 ----A---- C:\WINDOWS\system32\WMDRMNet.dll
2009-09-14 17:36:53 ----A---- C:\WINDOWS\system32\WMDRMdev.dll
2009-09-14 17:36:49 ----A---- C:\WINDOWS\system32\wmvadvd.dll
2009-09-14 17:36:13 ----D---- C:\WINDOWS\LastGood.Tmp
2009-09-14 16:07:08 ----RA---- C:\WINDOWS\SET177.tmp
2009-09-14 16:07:08 ----RA---- C:\WINDOWS\SET176.tmp
2009-09-14 16:06:44 ----RA---- C:\WINDOWS\SET13B.tmp
2009-09-14 16:06:39 ----RA---- C:\WINDOWS\SET12F.tmp
2009-09-14 16:06:38 ----RA---- C:\WINDOWS\SET12C.tmp
2009-09-14 11:55:00 ----D---- C:\WINDOWS\dell
2009-09-14 08:24:05 ----A---- C:\WINDOWS\system32\phversion.txt
2009-09-11 07:53:16 ----D---- C:\found.000
2009-09-10 21:19:08 ----D---- C:\Documents and Settings\Ken Alonso\Application Data\BitDefender
2009-09-10 12:53:53 ----HD---- C:\WINDOWS\system32\Settings
2009-09-10 11:58:34 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-09-10 11:57:49 ----D---- C:\Program Files\STOPzilla!
2009-09-10 11:57:47 ----D---- C:\Program Files\Common Files\iS3
2009-09-10 11:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-09-09 12:47:29 ----D---- C:\Program Files\Lavasoft
2009-09-09 12:47:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-09 08:36:10 ----A---- C:\WINDOWS\system32\pluginsx86.exe
2009-09-07 07:07:24 ----A---- C:\WINDOWS\system32\sbbd.exe
2009-09-07 07:05:30 ----D---- C:\VIPRERESCUE
2009-09-06 13:36:05 ----D---- C:\WINDOWS\BDOSCAN8
2009-09-05 13:36:06 ----D---- C:\Program Files\Alwil Software
2009-09-04 13:30:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-03 14:39:55 ----D---- C:\Documents and Settings\Ken Alonso\Application Data\QuickScan
2009-09-03 11:51:39 ----A---- C:\WINDOWS\system32\rpcnet.exe
2009-09-03 11:47:07 ----A---- C:\WINDOWS\system32\bda49.tmp
2009-09-03 10:36:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-03 10:36:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-03 10:36:50 ----A---- C:\WINDOWS\system32\java.exe
2009-09-03 10:36:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-02 22:24:08 ----A---- C:\WINDOWS\system32\bda95.tmp
2009-09-02 18:55:11 ----D---- C:\Documents and Settings\Ken Alonso\Application Data\Systweak
2009-09-02 18:55:11 ----D---- C:\Documents and Settings\All Users\Application Data\Systweak
2009-09-02 18:50:16 ----D---- C:\Program Files\Systweak
2009-09-02 18:24:30 ----A---- C:\WINDOWS\system32\bda77.tmp
2009-09-02 18:24:00 ----A---- C:\WINDOWS\system32\bda72.tmp
2009-09-02 17:05:03 ----A---- C:\WINDOWS\system32\bda4E.tmp
2009-09-02 17:04:43 ----A---- C:\WINDOWS\system32\bda4D.tmp
2009-09-02 17:03:39 ----A---- C:\WINDOWS\system32\bda36.tmp
2009-09-02 17:02:49 ----A---- C:\WINDOWS\system32\bda31.tmp
2009-09-02 17:02:22 ----A---- C:\WINDOWS\system32\bda30.tmp
2009-09-02 17:01:51 ----A---- C:\WINDOWS\system32\bda2E.tmp
2009-09-02 17:01:10 ----A---- C:\WINDOWS\system32\bda2C.tmp
2009-09-02 17:00:50 ----A---- C:\WINDOWS\system32\bda2B.tmp
2009-09-02 16:59:56 ----A---- C:\WINDOWS\system32\bda27.tmp
2009-09-02 16:58:49 ----A---- C:\WINDOWS\system32\bda24.tmp
2009-09-02 16:58:19 ----A---- C:\WINDOWS\system32\bda23.tmp
2009-09-01 11:11:47 ----A---- C:\WINDOWS\system32\bda76.tmp
2009-09-01 11:11:07 ----A---- C:\WINDOWS\system32\bda73.tmp
2009-09-01 11:08:33 ----A---- C:\WINDOWS\bdagent.INI
2009-09-01 10:53:55 ----A---- C:\WINDOWS\system32\bda54.tmp
2009-09-01 10:51:34 ----A---- C:\WINDOWS\system32\bda4A.tmp
2009-09-01 10:51:24 ----A---- C:\WINDOWS\system32\bda48.tmp
2009-09-01 10:51:14 ----A---- C:\WINDOWS\system32\bda47.tmp
2009-09-01 10:50:53 ----A---- C:\WINDOWS\system32\bda45.tmp
2009-09-01 10:50:11 ----A---- C:\WINDOWS\system32\bda40.tmp
2009-09-01 10:49:51 ----A---- C:\WINDOWS\system32\bda3E.tmp
2009-09-01 10:30:45 ----D---- C:\Program Files\BitDefender
2009-09-01 10:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-01 10:27:29 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-01 09:13:54 ----A---- C:\WINDOWS\system32\msiscan.exe
2009-08-30 14:05:35 ----D---- C:\Program Files\Avira
2009-08-30 14:05:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

======List of files/folders modified in the last 1 months======

2009-09-28 15:37:40 ----RD---- C:\Program Files
2009-09-28 15:28:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-28 15:28:10 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 15:27:30 ----SHD---- C:\WINDOWS\CSC
2009-09-28 15:27:12 ----D---- C:\WINDOWS
2009-09-28 15:27:08 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2009-09-28 05:11:58 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2009-09-28 05:11:56 ----A---- C:\WINDOWS\system32\rpcnet.dll
2009-09-28 05:11:12 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-28 00:20:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-28 00:17:13 ----D---- C:\WINDOWS\system32
2009-09-28 00:15:17 ----SD---- C:\WINDOWS\Tasks
2009-09-28 00:14:32 ----A---- C:\WINDOWS\system.ini
2009-09-28 00:11:33 ----D---- C:\WINDOWS\AppPatch
2009-09-28 00:11:24 ----D---- C:\Program Files\Common Files
2009-09-28 00:08:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-28 00:03:46 ----D---- C:\Program Files\Common Files\Logitech
2009-09-28 00:02:20 ----HD---- C:\WINDOWS\inf
2009-09-27 23:59:02 ----D---- C:\WINDOWS\Minidump
2009-09-27 23:34:35 ----D---- C:\WINDOWS\system32\config
2009-09-27 23:33:50 ----SHD---- C:\WINDOWS\Installer
2009-09-27 23:33:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-27 17:34:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-27 17:23:33 ----D---- C:\WINDOWS\system32\Restore
2009-09-27 17:23:32 ----SHD---- C:\System Volume Information
2009-09-27 16:43:50 ----D---- C:\WINDOWS\Help
2009-09-27 16:14:13 ----A---- C:\WINDOWS\setuplog.txt
2009-09-27 07:55:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-26 06:48:39 ----D---- C:\WINDOWS\system32\Setup
2009-09-26 06:48:39 ----D---- C:\WINDOWS\system
2009-09-26 06:48:27 ----D---- C:\WINDOWS\system32\usmt
2009-09-26 06:48:05 ----D---- C:\WINDOWS\mui
2009-09-26 06:48:05 ----D---- C:\WINDOWS\ehome
2009-09-26 06:48:04 ----D---- C:\WINDOWS\ime
2009-09-26 06:48:03 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 06:48:02 ----D---- C:\WINDOWS\Media
2009-09-26 06:47:59 ----D---- C:\WINDOWS\system32\wbem
2009-09-26 06:47:53 ----RD---- C:\WINDOWS\Web
2009-09-26 06:47:48 ----D---- C:\WINDOWS\PeerNet
2009-09-26 06:47:30 ----D---- C:\WINDOWS\system32\npp
2009-09-26 06:47:22 ----D---- C:\WINDOWS\msagent
2009-09-26 06:43:55 ----D---- C:\WINDOWS\twain_32
2009-09-26 06:43:09 ----D---- C:\WINDOWS\system32\icsxml
2009-09-26 06:42:28 ----D---- C:\WINDOWS\system32\ias
2009-09-26 06:42:20 ----D---- C:\WINDOWS\system32\1033
2009-09-26 06:40:51 ----D---- C:\WINDOWS\Driver Cache
2009-09-18 12:10:37 ----D---- C:\WINDOWS\repair
2009-09-17 07:44:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-17 07:44:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-17 04:19:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-17 04:19:24 ----D---- C:\WINDOWS\system32\oobe
2009-09-16 20:48:59 ----D---- C:\Program Files\MSECache
2009-09-16 20:12:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-16 20:11:23 ----D---- C:\WINDOWS\security
2009-09-16 19:37:20 ----D---- C:\WINDOWS\nview
2009-09-16 19:30:01 ----D---- C:\Program Files\Windows Media Player
2009-09-16 19:28:30 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-16 19:28:27 ----D---- C:\WINDOWS\Registration
2009-09-16 19:28:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-16 19:27:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-16 19:26:58 ----A---- C:\WINDOWS\win.ini
2009-09-16 19:21:49 ----D---- C:\WINDOWS\system32\Com
2009-09-15 23:34:38 ----D---- C:\drivers
2009-09-15 23:28:30 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-09-14 17:44:11 ----A---- C:\WINDOWS\imsins.BAK
2009-09-14 17:36:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-14 17:33:36 ----D---- C:\Program Files\Outlook Express
2009-09-14 17:33:35 ----D---- C:\Program Files\Common Files\System
2009-09-14 17:33:27 ----D---- C:\Program Files\Internet Explorer
2009-09-14 11:54:59 ----D---- C:\WINDOWS\WinSxS
2009-09-13 11:19:13 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-13 11:18:24 ----D---- C:\Program Files\Spyware Doctor
2009-09-10 21:12:58 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 15:11:06 ----D---- C:\Program Files\Common Files\Uninstall
2009-09-04 14:05:39 ----D---- C:\Documents and Settings
2009-09-03 10:36:12 ----D---- C:\Program Files\Java
2009-09-03 01:42:39 ----D---- C:\i386
2009-08-30 14:33:40 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-30 14:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-30 14:03:34 ----RSD---- C:\WINDOWS\assembly
2009-08-30 14:01:51 ----D---- C:\Program Files\Microsoft SQL Server

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-17 56832]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-18 161792]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-08-06 110728]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-05-14 147236]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-12 2211456]
R3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-18 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-30 21393]
S2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
S2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BCASPROT;Advanced System Protector; \??\C:\Program Files\Systweak\Advanced System Protector\sasprot32.sys []
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-06-29 152328]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
S3 catchme;catchme; \??\C:\DOCUME~1\KENALO~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-07-26 6838368]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.; \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys []
S3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
S3 physX32;physX32; C:\WINDOWS\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-07-17 1222840]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-08-24 1097096]
S2 A4ACTIVEPDFSERVER;activePDF Server; C:\WINDOWS\system32\APSERVER.EXE [2004-07-29 360139]
S2 APDCSYSO;activePDF DocConverter SystemOnly Launch; C:\WINDOWS\system32\APDCSYSO.EXE [2002-08-05 28672]
S2 APDOCCONV;activePDF DocConverter; C:\WINDOWS\system32\APDOCCNV.EXE [2002-10-07 98304]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
S2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate1ca0123c76228a4;Google Update Service (gupdate1ca0123c76228a4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-10 133104]
S2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
S2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-03 153376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-08-07 330200]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-03 475136]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-07-26 155716]
S2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
S2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2009-09-09 56680]
S2 rpcnetp;rpcnetp; C:\WINDOWS\System32\rpcnetp.exe [2009-09-28 17408]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-07-17 94208]
S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-07-20 57344]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2009-08-11 1576976]
S2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
S2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-06-25 176128]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-30 1862144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2004-10-15 131072]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------





Here is INFO.TXT:

info.txt logfile of random's system information tool 1.06 2009-09-28 15:37:58

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
activePDF DocConverter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B09844C-B342-4C9E-A16F-DA7032C7B417}\Setup.exe"
activePDF Server-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B9CFDC9-4CCF-48D3-8D5C-6BAAEC4F5506}\Setup.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AGEIA PhysX v7.06.26-->MsiExec.exe /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BitDefender Internet Security 2010-->MsiExec.exe /X{8227074F-0438-4DCE-886F-3E55FB86B79D}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{177D1318-3E4B-4A7C-A300-AC4E21BE090B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon IJ Network Scan Utility-->C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.1-->"C:\Program Files\Canon\MP Navigator EX 1.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.1\uninst.ini
Canon MX850 series User Registration-->C:\Program Files\Canon\IJEREG\MX850 series\UNINST.EXE
Canon MX850 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Computrace-->MsiExec.exe /X{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}
CVS Photo Editor Plus-->MsiExec.exe /X{E0150C73-3138-4FD2-B038-7F2637C9B5C7}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
FileZilla Client 3.2.6.1-->C:\Program Files\FileZilla Client\uninstall.exe
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GIMP 2.4.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GNU Privacy Guard-->"C:\Program Files\GNU\GnuPG\uninst-gnupg.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
hp deskjet 6122 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 6122 series
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Ipswitch WS_FTP 12-->C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Gaming LCD Software 1.04-->MsiExec.exe /X{F7511FE7-BA89-4939-B2EF-A3F287B0F298}
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ASP.NET 2.0 AJAX Extensions 1.0-->MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2000 Sample Database Scripts-->MsiExec.exe /I{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Database Publishing Wizard 1.1-->MsiExec.exe /X{8C6EE0B4-650F-452E-B9C2-882A72227B19}
Microsoft SQL Server Management Objects Collection -->MsiExec.exe /I{F90E143F-8EB2-4E41-BF4B-E00B046C33E5}
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Presto! PageManager 7.15.20-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RadControls for ASPNET AJAX Q2 2008-->C:\Program Files\InstallShield Installation Information\{BA704848-4CC3-11DD-9180-596855D89593}\setup.exe -runfromtemp -l0x0409
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
ScanSoft OmniPage SE 4-->MsiExec.exe /I{FE893E2C-11B4-47CB-88F6-6647D90C6A13}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {964C8238-245C-4475-BB6E-D19D2C1220F2} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 9-->MsiExec.exe /I{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SonicWALL Global VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe" -l0x9 -FromCPL
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
STOPzilla-->MsiExec.exe /X{DB9ECBEC-F228-460D-8CF7-DCDCC872CBAB}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TortoiseSVN 1.4.5.10425 (32 bit)-->MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wmaiper-->MsiExec.exe /I{E3B5D92A-94E3-4F48-AA38-83317662116B}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Home & Business 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
WebDialogs Unyte-->C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F09C3B9060684346A02C2F528049D062\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======System event log======

Computer Name: KEN
Event Code: 7001
Message: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 33
Source Name: Service Control Manager
Time Written: 20090927172454.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 7001
Message: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 32
Source Name: Service Control Manager
Time Written: 20090927172454.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 7001
Message: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 31
Source Name: Service Control Manager
Time Written: 20090927172454.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 23
Source Name: b57w2k
Time Written: 20090927170829.000000-240
Event Type: warning
User:

Computer Name: KEN
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 14
Source Name: b57w2k
Time Written: 20090927164559.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: KEN
Event Code: 17049
Message: Unable to cycle error log file from 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' due to OS error '5(Access is denied.)'. A process outside of SQL Server may be preventing SQL Server from reading the files. As a result, errorlog entries may be lost and it may not be possible to view some SQL Server errorlogs. Make sure no other processes have locked the file with write-only access."

Record Number: 11
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090927164623.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 17049
Message: Unable to cycle error log file from 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' due to OS error '5(Access is denied.)'. A process outside of SQL Server may be preventing SQL Server from reading the files. As a result, errorlog entries may be lost and it may not be possible to view some SQL Server errorlogs. Make sure no other processes have locked the file with write-only access."

Record Number: 10
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090927164623.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 17049
Message: Unable to cycle error log file from 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.6' due to OS error '5(Access is denied.)'. A process outside of SQL Server may be preventing SQL Server from reading the files. As a result, errorlog entries may be lost and it may not be possible to view some SQL Server errorlogs. Make sure no other processes have locked the file with write-only access."

Record Number: 9
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090927164623.000000-240
Event Type: error
User:

Computer Name: KEN
Event Code: 1001
Message: Detection of product '{FE893E2C-11B4-47CB-88F6-6647D90C6A13}', feature 'OmniPageSE' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 6
Source Name: MsiInstaller
Time Written: 20090927164521.000000-240
Event Type: warning
User: KEN\Ken Alonso

Computer Name: KEN
Event Code: 1004
Message: Detection of product '{FE893E2C-11B4-47CB-88F6-6647D90C6A13}', feature 'OmniPageSE', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Record Number: 5
Source Name: MsiInstaller
Time Written: 20090927164521.000000-240
Event Type: warning
User: KEN\Ken Alonso

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"OldPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;c:\Program Files\pdf-tools\bin;c:\Program Files\pdf-tools\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------




Hope this helps you determine why i keep getting the Fatal System Error.

Thanks, Ken

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 28 September 2009 - 08:35 PM

It sounds like your system is in a rite mess, and you haven't helped it by some of the actions you have taken, I don't no if I will be able to
fix this since you have done so much to it, but I will have a look.

i have also tried to delete the wininet.dll AND kernel32.dll files in c:\windows\system32 directory in Safe Mode but when i tried that i get the following:

Error Deleting File or Folder" dialog box, which says: "Cannot delete kernal32: Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.


These two files are important system files and it's a good job you didn't manage to delete them.

so, i started up recovery console from my DELL XP SP2 install disk and restored system files by doing:

1) made a new c:\window\system32\tmp folder at the c:\windows command prompt and typed the following COPY and DELETE commands:

ETC.........


This procedure does not restore your system files, or any files, it restores the registry to it's default state when windows was installed.
Your registry looks like it is current, did you get the instructions from here, if so did you then follow part two at some point or did you
restore it another way?

I went back into safe mode and ran ComboFix


ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.


I really think the best course of action would be to format here, since your computer is in such a mess and I can see that you have been dealing with a rootkit.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Please post back here with the following logs:
  • Combofix.txt
  • Dr Web report
Thanks

unite.jpg


#7 Ken Alonso

Ken Alonso
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Northern Virginia
  • Local time:02:59 PM

Posted 30 September 2009 - 09:11 AM

syler -

wow! now i see how are card number was trying to be used and BofA alerted us.

i will go ahead and re-format, just to be safe. i will read your link about re-installing, just to make sure i really clean this pc.

btw, you have any suggestions for anti-virus, spyware, etc. that would prevent a trojan like this from infecting our pc again? i have read a lot and hear many different things.

i would appreciate it.

thanks again for all your help.

- ken

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 30 September 2009 - 09:40 AM

Hi Ken,

I think formatting is a very good idea especially since you know that they have already been able to get your card details.
It's the first time someone has told me that, good on Bofa stopping it though :(

Their is no one AntiVirus\Spyware\Malware that can guarantee to stop every virus as it is impossible since new malware and varients
appear on a daily basis. Their are some AV considered to be slightly better than other, them being Kaspersky and NOD32 IMO.

Apart from that it is really just about good surfing habits, stay away from P2P, don't go surfing on dodgy or unknown sites, dont open emails
or accept files from people you don't know and keep all your software up to date.

If you follow these then you will dramatically reduce your risk of picking up an infections.

Let me know if their is anything else, if not I will close this topic.

Syler

unite.jpg


#9 Ken Alonso

Ken Alonso
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Northern Virginia
  • Local time:02:59 PM

Posted 30 September 2009 - 12:46 PM

nope. now, it's time to re-format :( and join the blokes in the pub.

thanks, ken

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:59 PM

Posted 30 September 2009 - 01:25 PM

Good luck with nuking it :(

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users