
Security tool infection


  • This topic is locked
35 replies to this topic

#1 moe0303


Posted 18 October 2009 - 09:41 PM

Hi,

I was directed to this forum from my original post here: http://www.bleepingcomputer.com/forums/t/264996/security-tool-spy-sheriff-infection/.

I downloaded and tried to run DDS, but it didn't seem to work. I had to boot into safe mode to post this because the virus eventually shuts down my computer. So, I thought I'd give DDS a shot again (in safe mode) and it worked this time... I hope that is ok. I have posted the log below. I have also zipped and attached the attach.txt file created by DDS. Thanks in advance for your help. Please let me know if you need anything else.


DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Administrator at 22:22:01.18 on Sun 10/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.297 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: defect08.dll: {473e2738-e5f2-d9f2-65c9-a8e775a0c7e4} -
mWinlogon: System=cskim.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {08BEC6AA-49FC-4379-3587-4B21E286C19E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Corel Reminder]
mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [01176318] c:\documents and settings\all users\application data\01176318\01176318.exe
mRun: [60285425] c:\docume~1\alluse~1\applic~1\60285425\60285425.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [72905528] c:\docume~1\alluse~1\applic~1\72905528\72905528.exe
mRun: [00898934] c:\docume~1\alluse~1\applic~1\00898934\00898934.exe
mRun: [82340623] c:\docume~1\alluse~1\applic~1\82340623\82340623.exe
mRun: [92384228] c:\documents and settings\all users\application data\92384228\92384228.exe
mRun: [sosotonov] Rundll32.exe "c:\windows\system32\sabobosu.dll",a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoBandCustomize = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: itt-tech.edu\www.distance-education
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/support/plugins/ebraryRdr.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111681466748
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {2B3400A4-257E-4D52-B573-90A84B283D32} = 192.168.1.1
TCP: {F119F32C-933C-4791-80BB-A3850827B45C} = 192.168.1.1
Filter: text/html - {7C177970-312E-4F34-B175-E91631A1F04F} -
Filter: text/plain - {7C177970-312E-4F34-B175-E91631A1F04F} -
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\windows\system32\wehokepu.dll tavagato.dll c:\windows\system32\sabobosu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: bewigudey - {2bcc989b-cd63-440b-b44b-305adb8e4947} - c:\windows\system32\sabobosu.dll
STS: mujuzedij: {2bcc989b-cd63-440b-b44b-305adb8e4947} - c:\windows\system32\sabobosu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli lesopidi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ybaondep.default\
FF - prefs.js: keyword.URL - hxxp://www.speedbit.com/search/searchresults.asp?src=default&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: signed.applets.codebase_principal_support - true
FF - user.js: capability.principal.codebase.p0.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.p0.id - hxxp://www.distance-education.itt-tech.edu
FF - user.js: capability.principal.codebase.p0.subjectName -
============= SERVICES / DRIVERS ===============

S2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-9-12 53248]
S2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2004-8-11 143360]
S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2003-2-6 16408]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [2003-9-16 14784]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-1-25 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-4 102448]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2001-8-23 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2007-8-12 23936]
S4 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-6-15 115952]

=============== Created Last 30 ================

2009-10-17 10:21 --d----- c:\docume~1\alluse~1\applic~1\92384228
2009-10-14 03:33 --d----- c:\docume~1\alluse~1\applic~1\82340623
2009-10-13 03:33 --d----- c:\docume~1\alluse~1\applic~1\00898934
2009-10-12 22:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 22:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 22:27 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 01:13 223,744 a------- c:\windows\system32\CNMLM97.DLL
2009-10-12 00:47 --d----- c:\program files\Canon
2009-10-12 00:26 3,630 a------- c:\windows\system32\tmp.reg
2009-10-11 21:13 --d----- C:\SAIC
2009-10-10 18:55 --dsh--- C:\found.001
2009-10-06 19:54 --dsh--- C:\found.000
2009-10-04 12:35 --d----- c:\docume~1\admini~1\applic~1\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-10-04 12:34 --d----- c:\program files\DIRECTV
2009-10-02 22:32 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-08-21 23:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-08 13:40 1,011,437 a--sh--- c:\windows\system32\dovanine.exe
2009-07-12 15:33 50,688 a--sh--- c:\windows\system32\fesisone.dll
2009-07-18 00:32 38,400 a--sh--- c:\windows\system32\fomasopi.dll
2009-07-11 16:05 38,400 a--sh--- c:\windows\system32\fuzedanu.dll
2009-07-14 15:34 51,712 a--sh--- c:\windows\system32\gejuloha.dll
2009-07-14 15:33 51,712 a--sh--- c:\windows\system32\gelaginu.dll
2009-07-16 17:25 1,111,915 a--sh--- c:\windows\system32\gesewufi.exe
2009-07-08 13:40 37,888 a--sh--- c:\windows\system32\gikuseju.dll
2009-07-13 15:33 1,011,606 a--sh--- c:\windows\system32\gikuzese.exe
2009-07-14 03:33 1,011,604 a--sh--- c:\windows\system32\hegiguve.exe
2009-07-18 19:39 38,400 a--sh--- c:\windows\system32\kirasahi.dll
2009-07-08 13:40 51,200 a--sh--- c:\windows\system32\kofelabe.dll
2009-07-08 01:40 27,136 a--sh--- c:\windows\system32\kotefupu.dll
2009-07-13 03:33 1,011,312 a--sh--- c:\windows\system32\kunuteva.exe
2009-07-14 15:33 1,114,220 a--sh--- c:\windows\system32\kutipani.exe
2009-07-14 15:34 51,712 a--sh--- c:\windows\system32\lesopidi.dll
2009-07-13 15:33 37,888 a--sh--- c:\windows\system32\levewani.dll
2009-07-18 00:32 1,114,665 a--sh--- c:\windows\system32\mijejabe.exe
2009-07-17 10:21 38,400 a--sh--- c:\windows\system32\pebemona.dll
2009-07-08 01:40 37,888 a--sh--- c:\windows\system32\pewejima.dll
2009-07-11 16:05 51,712 a--sh--- c:\windows\system32\pidezabi.dll
2009-07-18 19:39 89,088 a--sh--- c:\windows\system32\sabobosu.dll
2009-07-14 15:34 51,712 a--sh--- c:\windows\system32\tavagato.dll
2009-07-12 15:33 1,011,387 a--sh--- c:\windows\system32\vizaratu.exe
2009-07-14 15:33 37,888 a--sh--- c:\windows\system32\vowikiho.dll
2009-07-18 19:39 1,011,235 a--sh--- c:\windows\system32\wavenimu.exe
2009-07-08 01:40 1,050,659 a--sh--- c:\windows\system32\wegaheba.exe
2009-07-11 16:05 27,648 a--sh--- c:\windows\system32\yaruvofo.dll
2009-07-14 03:33 38,400 a--sh--- c:\windows\system32\yudukoke.dll
2009-07-17 10:21 89,088 a--sh--- c:\windows\system32\zakupuju.dll
2009-07-17 10:21 1,088,034 a--sh--- c:\windows\system32\zamivoru.exe
2009-07-11 16:05 1,011,296 a--sh--- c:\windows\system32\zanaruma.exe
2009-07-16 17:25 38,400 a--sh--- c:\windows\system32\ziwemove.dll

============= FINISH: 22:25:12.93 ===============



And here is the RootRepeal log which I was asked to provide from the previous post...


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 00:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAA09000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A59000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8E49000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "" at address 0x82d58730

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaaf59cc0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xaaf59f20

Stealth Objects
-------------------
Object: Hidden Module [Name: tdlcmd.dll]
Process: svchost.exe (PID: 1204) Address: 0x00790000 Size: 24576

Object: Hidden Module [Name: tdlwsp.dll]
Process: Explorer.EXE (PID: 1844) Address: 0x00c80000 Size: 28672

Object: Hidden Module [Name: tdlwsp.dll]
Process: firefox.exe (PID: 824) Address: 0x00a60000 Size: 28672

Object: Hidden Module [Name: tdlwsp.dll]
Process: Explorer.EXE (PID: 3140) Address: 0x00c80000 Size: 28672

==EOF==


Edited by moe0303, 18 October 2009 - 09:43 PM.




#2 m0le

  • Malware Response Team

Posted 29 October 2009 - 08:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan.

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 02 November 2009 - 10:24 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#4 m0le

  • Malware Response Team

Posted 02 November 2009 - 10:25 PM

Reopened at user's request

---------------------------------------------

Please post the requested logs. Thanks :(

#5 moe0303

  • Topic Starter


Posted 05 November 2009 - 12:02 AM

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Administrator at 22:55:09.60 on Wed 11/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.294 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: defect08.dll: {473e2738-e5f2-d9f2-65c9-a8e775a0c7e4} -
mWinlogon: System=cskim.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ADC PlugIn: {77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} - c:\windows\system32\plugie.dll
BHO: {8afb78ff-4c8c-408e-a173-063eae953c42} - beromavu.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {08BEC6AA-49FC-4379-3587-4B21E286C19E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Corel Reminder]
mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [01176318] c:\documents and settings\all users\application data\01176318\01176318.exe
mRun: [60285425] c:\docume~1\alluse~1\applic~1\60285425\60285425.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [72905528] c:\docume~1\alluse~1\applic~1\72905528\72905528.exe
mRun: [00898934] c:\docume~1\alluse~1\applic~1\00898934\00898934.exe
mRun: [82340623] c:\docume~1\alluse~1\applic~1\82340623\82340623.exe
mRun: [92384228] c:\documents and settings\all users\application data\92384228\92384228.exe
mRun: [62788334] c:\docume~1\alluse~1\applic~1\62788334\62788334.exe
mRun: [08887334] c:\docume~1\alluse~1\applic~1\08887334\08887334.exe
mRun: [65149429] c:\docume~1\alluse~1\applic~1\65149429\65149429.exe
mRun: [76974639] c:\documents and settings\all users\application data\76974639\76974639.exe
mRun: [72368329] c:\docume~1\alluse~1\applic~1\72368329\72368329.exe
mRun: [sosotonov] Rundll32.exe "c:\windows\system32\garazuha.dll",a
mRun: [bakizedizo] Rundll32.exe "fulivapo.dll",s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoBandCustomize = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: itt-tech.edu\www.distance-education
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/support/plugins/ebraryRdr.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111681466748
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {2B3400A4-257E-4D52-B573-90A84B283D32} = 192.168.1.1
TCP: {F119F32C-933C-4791-80BB-A3850827B45C} = 192.168.1.1
Filter: text/html - {7C177970-312E-4F34-B175-E91631A1F04F} -
Filter: text/plain - {7C177970-312E-4F34-B175-E91631A1F04F} -
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\windows\system32\wehokepu.dll c:\windows\system32\garazuha.dll c:\windows\system32\wayerode.dll c:\windows\system32\nifayoga.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jaziniyaz - {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll
SSODL: judemimeg - {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll
SSODL: tanikohir - {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\garazuha.dll
STS: tokatiluy: {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll
STS: kupuhivus: {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll
STS: tokatiluy: {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\garazuha.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ybaondep.default\
FF - prefs.js: keyword.URL - hxxp://www.speedbit.com/search/searchresults.asp?src=default&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: signed.applets.codebase_principal_support - true
FF - user.js: capability.principal.codebase.p0.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.p0.id - hxxp://www.distance-education.itt-tech.edu
FF - user.js: capability.principal.codebase.p0.subjectName -
============= SERVICES / DRIVERS ===============

S2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-9-12 53248]
S2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2004-8-11 143360]
S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2003-2-6 16408]
S2 WDefend;WDefend;c:\windows\svohost.exe [2009-10-19 274432]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [2003-9-16 14784]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-1-25 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-4 102448]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2001-8-23 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2007-8-12 23936]
S4 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-6-15 115952]

============== File Associations ===============

exefile=c:\windows\system32\pump.exe "%1" %*

=============== Created Last 30 ================

2009-10-25 10:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\72368329
2009-10-21 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\76974639
2009-10-21 05:07 4 a------- c:\windows\system32\bincd32.dat
2009-10-20 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\65149429
2009-10-19 18:46 <DIR> --d----- c:\windows\system32\schtml
2009-10-19 18:44 9 a------- c:\windows\system32\nuar.old
2009-10-19 18:43 274,432 a------- c:\windows\svohost.exe
2009-10-19 18:43 58 a------- c:\windows\wp4.dat
2009-10-19 18:43 1 a------- c:\windows\wp3.dat
2009-10-19 18:43 559,104 a------- c:\windows\system32\plugie.dll
2009-10-19 18:43 36 a------- c:\windows\system32\skynet.dat
2009-10-19 18:43 513,536 a------- c:\windows\system32\pump.exe
2009-10-19 18:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\08887334
2009-10-19 18:39 <DIR> --d----- c:\program files\Windows Police Pro
2009-10-19 06:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\62788334
2009-10-17 09:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92384228
2009-10-14 02:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\82340623
2009-10-13 02:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\00898934
2009-10-12 21:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 21:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-10-12 21:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 00:13 223,744 a------- c:\windows\system32\CNMLM97.DLL
2009-10-11 23:47 <DIR> --d----- c:\program files\Canon
2009-10-11 23:26 3,630 a------- c:\windows\system32\tmp.reg
2009-10-11 20:13 <DIR> --d----- C:\SAIC
2009-10-10 17:55 <DIR> --dsh--- C:\found.001
2009-10-06 18:54 <DIR> --dsh--- C:\found.000

==================== Find3M ====================

2009-10-01 09:29 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-08-21 22:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-04 04:40 51,200 a--sh--- c:\windows\system32\beromavu.dll
2009-07-21 21:33 51,712 a--sh--- c:\windows\system32\bowikiku.dll
2009-07-08 12:40 1,011,437 a--sh--- c:\windows\system32\dovanine.exe
2009-07-12 14:33 50,688 a--sh--- c:\windows\system32\fesisone.dll
2009-07-17 23:32 38,400 a--sh--- c:\windows\system32\fomasopi.dll
2009-08-04 04:39 51,200 a--sh--- c:\windows\system32\fujewipe.dll
2009-08-04 04:40 51,200 a--sh--- c:\windows\system32\fulivapo.dll
2009-07-11 15:05 38,400 a--sh--- c:\windows\system32\fuzedanu.dll
2009-07-21 21:33 90,112 a--sh--- c:\windows\system32\garazuha.dll
2009-07-14 14:33 51,712 a--sh--- c:\windows\system32\gelaginu.dll
2009-07-16 16:25 1,111,915 a--sh--- c:\windows\system32\gesewufi.exe
2009-07-08 12:40 37,888 a--sh--- c:\windows\system32\gikuseju.dll
2009-07-13 14:33 1,011,606 a--sh--- c:\windows\system32\gikuzese.exe
2009-07-20 16:48 1,011,676 a--sh--- c:\windows\system32\hayeluze.exe
2009-07-14 02:33 1,011,604 a--sh--- c:\windows\system32\hegiguve.exe
2009-07-21 21:33 1,051,682 a--sh--- c:\windows\system32\hekomuno.exe
2009-07-19 18:39 39,424 a--sh--- c:\windows\system32\helileve.dll
2009-07-18 18:39 38,400 a--sh--- c:\windows\system32\kirasahi.dll
2009-07-08 12:40 51,200 a--sh--- c:\windows\system32\kofelabe.dll
2009-07-08 00:40 27,136 a--sh--- c:\windows\system32\kotefupu.dll
2009-07-25 10:42 38,400 a--sh--- c:\windows\system32\kowajovu.dll
2009-07-13 02:33 1,011,312 a--sh--- c:\windows\system32\kunuteva.exe
2009-07-14 14:33 1,114,220 a--sh--- c:\windows\system32\kutipani.exe
2009-07-13 14:33 37,888 a--sh--- c:\windows\system32\levewani.dll
2009-07-19 18:39 1,011,359 a--sh--- c:\windows\system32\lokudeti.exe
2009-07-17 23:32 1,114,665 a--sh--- c:\windows\system32\mijejabe.exe
2009-08-04 04:39 90,112 a--sh--- c:\windows\system32\nifayoga.dll
2009-07-21 21:33 38,912 a--sh--- c:\windows\system32\nodutike.dll
2009-07-20 16:48 38,400 a--sh--- c:\windows\system32\nozigita.dll
2009-07-17 09:21 38,400 a--sh--- c:\windows\system32\pebemona.dll
2009-07-08 00:40 37,888 a--sh--- c:\windows\system32\pewejima.dll
2009-07-11 15:05 51,712 a--sh--- c:\windows\system32\pidezabi.dll
2009-08-04 04:39 38,912 a--sh--- c:\windows\system32\piwihivo.dll
2009-07-19 06:39 38,400 a--sh--- c:\windows\system32\raromozo.dll
2009-07-19 06:39 1,011,347 a--sh--- c:\windows\system32\rimuwuka.exe
2009-07-12 14:33 1,011,387 a--sh--- c:\windows\system32\vizaratu.exe
2009-07-14 14:33 37,888 a--sh--- c:\windows\system32\vowikiho.dll
2009-07-18 18:39 1,011,235 a--sh--- c:\windows\system32\wavenimu.exe
2009-07-25 10:42 90,112 a--sh--- c:\windows\system32\wayerode.dll
2009-07-08 00:40 1,050,659 a--sh--- c:\windows\system32\wegaheba.exe
2009-07-25 10:42 1,011,753 a--sh--- c:\windows\system32\yajezadi.exe
2009-07-11 15:05 27,648 a--sh--- c:\windows\system32\yaruvofo.dll
2009-07-14 02:33 38,400 a--sh--- c:\windows\system32\yudukoke.dll
2009-07-17 09:21 89,088 a--sh--- c:\windows\system32\zakupuju.dll
2009-07-17 09:21 1,088,034 a--sh--- c:\windows\system32\zamivoru.exe
2009-07-11 15:05 1,011,296 a--sh--- c:\windows\system32\zanaruma.exe
2009-07-16 16:25 38,400 a--sh--- c:\windows\system32\ziwemove.dll

============= FINISH: 22:59:41.35 ===============
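The block of `a--sh---` entries in the DDS listing above is the kind of thing a responder scans for by eye: freshly created PE files, marked hidden+system, written straight into system32 under eight-letter pronounceable names, often several per minute. The following triage script is an added example (not DDS output and not anything the poster or the helper ran); it parses lines in the DDS date/time/size/attributes/path layout and reports which entries match that pattern and which creation timestamps are shared by more than one of them. The heuristic in `suspicion_reasons` is this example's own assumption, not a DDS feature, and the final `example.sys` line is a constructed benign entry for contrast.

```python
import re
from collections import Counter

# Sample DDS file-listing lines. The first five are copied from the listing
# above; the last one is a constructed benign entry added for contrast.
SAMPLE_DDS = r"""
2009-08-21 22:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-04 04:40 51,200 a--sh--- c:\windows\system32\beromavu.dll
2009-07-21 21:33 51,712 a--sh--- c:\windows\system32\bowikiku.dll
2009-07-08 12:40 1,011,437 a--sh--- c:\windows\system32\dovanine.exe
2009-07-21 21:33 90,112 a--sh--- c:\windows\system32\garazuha.dll
2009-08-10 10:00 24,576 a------- c:\windows\system32\drivers\example.sys
"""

# One DDS line: date, time, byte size with thousands separators, an
# eight-character attribute field (a=archive, s=system, h=hidden, ...), path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Eight lowercase letters plus a PE extension: the naming pattern seen above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")


def parse_dds_line(line):
    """Return a dict for one listing line, or None if it is not a file line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "date": m["date"],
        "time": m["time"],
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "path": m["path"].lower(),
    }


def suspicion_reasons(entry):
    """List the indicators that make an entry worth a closer look.

    Heuristic (an assumption of this example, not a DDS feature): the
    hidden+system attribute pair on a recently created PE file is the anchor
    signal; the eight-letter name and the system32 location only support it.
    Name alone would misfire: deploytk.dll above has an eight-letter name too.
    """
    attrs = entry["attrs"]
    if "s" not in attrs or "h" not in attrs:
        return []
    reasons = ["hidden+system attributes"]
    directory, _, name = entry["path"].rpartition("\\")
    if directory.endswith("\\system32"):
        reasons.append("written directly into system32")
    if RANDOM_NAME_RE.match(name):
        reasons.append("eight-letter random-looking name")
    return reasons


def triage(listing):
    """Flag suspicious entries and find timestamps shared by several of them.

    Files dropped together usually share a creation minute (a dropper .exe and
    its .dll payloads), so a repeated timestamp among flagged files is a
    useful grouping hint for the analyst.
    """
    entries = [e for e in map(parse_dds_line, listing.splitlines()) if e]
    flagged = [(e["path"], suspicion_reasons(e)) for e in entries
               if suspicion_reasons(e)]
    stamps = Counter(e["date"] + " " + e["time"] for e in entries
                     if suspicion_reasons(e))
    batches = {stamp: n for stamp, n in stamps.items() if n >= 2}
    return flagged, batches


if __name__ == "__main__":
    flagged, batches = triage(SAMPLE_DDS)
    for path, reasons in flagged:
        print(path, "->", "; ".join(reasons))
    for stamp, n in batches.items():
        print(f"{n} flagged files created at {stamp}")
```

Run against the full listing above, the shared-timestamp check groups the entries into the batches they were dropped in (for instance the four files stamped 2009-07-21 21:33), which is a faster way to see the dropper-plus-payload structure than reading 47 lines one by one. The attribute check is deliberately the gate: a name-only rule would also flag `deploytk.dll`, which has an eight-letter name but ordinary attributes.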

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:53 PM

Posted 05 November 2009 - 08:53 AM

Yes, there's quite a bit of activity on the logs.

First we must disable Security Tool

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Then please run Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE

#7 moe0303

moe0303
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:53 AM

Posted 06 November 2009 - 08:19 PM

Hi,

Sorry that it has taken so long to get back to you. I ran RKill and afterward I ran ComboFix, and it gets through stage 50. However, while preparing the log, I have gotten a blue screen the past 2 times (kernel_Data_Inpage_Error). I am able to boot up, but I don't have the logs. What should I do next? Please let me know if you need any more information. Thanks again for your help.

moe

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:53 PM

Posted 06 November 2009 - 08:54 PM

Please attempt to run MBAM

Please download Malwarebytes' Anti-Malware and save it to your desktop. Change the name to MBlah.scr
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
m0le is a proud member of UNITE

#9 moe0303

moe0303
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:53 AM

Posted 07 November 2009 - 08:21 PM

Here it is. I should inform you that I did run this in safe mode because the pop-ups are a burden and eventually, the system actually shuts down after a while. If you want I can run it again in normal mode, but I just wanted to get through the scan in safe mode first.

Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 5.1.2600 Service Pack 2 (Safe Mode)

11/7/2009 8:08:14 PM
mbam-log-2009-11-07 (20-08-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 171887
Time elapsed: 32 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 12
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 147

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-ff35-4ba9-8be8-aa9eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sosotonov (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92384228 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\01176318 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60285425 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\72905528 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\00898934 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\82340623 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\62788334 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08887334 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65149429 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\76974639 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\72368329 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\92384228 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\00898934 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\08887334 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\72368329 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\82340623 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\92384228\92384228.bat (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\92384228\92384228.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plugie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\62788334\62788334.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\65149429\65149429.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\76974639\76974639.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\svohost.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bowikiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dovanine.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fesisone.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fomasopi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuzedanu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\garazuha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gelaginu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gesewufi.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gikuseju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gikuzese.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hayeluze.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hegiguve.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hekomuno.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\helileve.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kedisuzo.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kirasahi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kofelabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kotefupu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kowajovu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kunuteva.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kutipani.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\levewani.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lokudeti.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mijejabe.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mubajovi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nodutike.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nozigita.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebemona.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pewejima.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pidezabi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\piwihivo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\raromozo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rimuwuka.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\roliwiza.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\saguyeba.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vizaratu.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vowikiho.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wavenimu.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wayerode.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wegaheba.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yajezadi.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaruvofo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yudukoke.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zakupuju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zamivoru.exe.vir (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zanaruma.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ziwemove.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1067\A0347857.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1067\A0347858.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1067\A0347859.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0350995.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0350996.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0350997.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0353040.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0353041.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1069\A0353042.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354086.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1070\A0354114.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1071\A0354127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0354185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0355193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0357200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0357213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0358221.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0358222.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359239.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0359240.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0361243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0361244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0361245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363275.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363276.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363284.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363285.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1072\A0363288.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363333.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363350.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363351.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363353.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363357.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363360.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363362.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363364.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363365.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363366.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363367.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363368.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363369.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363371.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363372.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363373.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363374.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363379.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363380.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363381.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363382.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363383.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363384.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363386.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363387.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363388.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363390.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363399.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363407.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363409.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363411.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363413.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363417.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363418.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0363419.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0364431.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
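A log this long is easier to reason about once it is reduced to a few numbers: do the declared counts at the top match the entries actually pasted (147 file lines here, so nothing was truncated), which threat families dominate, how many of the "files" were already sitting in ComboFix's `C:\Qoobox\Quarantine` or in System Restore points rather than live on disk, and whether anything is still pending a reboot. The parser below is an added example, not Malwarebytes code and not something from this thread; it works on a small constructed excerpt in the same MBAM 1.41 layout (summary counts, then one section per category), with a placeholder in place of the restore-point GUID and one constructed "Delete on reboot." outcome to show the pending case.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.41 log layout used
# above. Entries are modelled on the posted log; the restore-point GUID is a
# placeholder and the "Delete on reboot." line is constructed for the example.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.41

Scan type: Full Scan (C:\|)

Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sosotonov (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\plugie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bowikiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{RESTORE-GUID-PLACEHOLDER}\RP1073\A0363333.dll (Trojan.Vundo) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if section and m:
            entries.append({"section": section, "item": m["item"],
                            "family": m["family"], "action": m["action"]})
    return declared, entries


def reconcile(declared, entries):
    """Sections whose declared count differs from the entries actually listed
    (a sign of a truncated paste). An empty dict means the log is consistent."""
    found = Counter(e["section"] for e in entries)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def family_tally(entries):
    """Detections per threat family."""
    return Counter(e["family"] for e in entries)


def not_quarantined(entries):
    """Items MBAM could not remove on the spot; they need a reboot and a rescan."""
    return [e["item"] for e in entries if "Quarantined" not in e["action"]]


def file_locations(entries):
    """Bucket file hits: live on disk, already in ComboFix's Qoobox quarantine,
    or a System Restore point copy (inert unless that restore point is applied)."""
    buckets = Counter()
    for e in entries:
        if e["section"] != "Files Infected":
            continue
        path = e["item"].lower()
        if "\\qoobox\\quarantine\\" in path:
            buckets["already in ComboFix quarantine"] += 1
        elif "\\_restore{" in path:
            buckets["System Restore point copy"] += 1
        else:
            buckets["live file"] += 1
    return buckets


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("count mismatches:", reconcile(declared, entries) or "none")
    print("families:", family_tally(entries).most_common())
    print("file locations:", dict(file_locations(entries)))
    print("still pending:", not_quarantined(entries))
```

Applied to the posted log, `file_locations` shows that only a handful of the 147 files were live: most were `.vir` copies already neutralised by ComboFix or restore-point copies under `System Volume Information`, which is why the follow-up scan in normal mode (next reply) finds just two restore-point leftovers. `reconcile` is the check to run before reading further: if the summary says 147 and the paste lists fewer, ask for the complete log rather than analysing a truncated one.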

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 November 2009 - 04:57 AM

Can you run it in normal mode, please? :(
m0le is a proud member of UNITE

#11 moe0303

moe0303
  • Topic Starter

  • Members
  • 26 posts

Posted 08 November 2009 - 01:07 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 2

11/8/2009 8:40:05 AM
mbam-log-2009-11-08 (08-40-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175440
Time elapsed: 50 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0370443.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5177D287-3C15-4726-A970-CBFFC53DE363}\RP1073\A0370444.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 November 2009 - 02:44 PM

Okay, now please delete the ComboFix .exe file and redownload the program.

Attempt to run it as before.


Then please run RootRepeal and post the results.


Finally, please post an RSIT log:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Thanks :(
m0le is a proud member of UNITE

#13 moe0303

moe0303
  • Topic Starter

  • Members
  • 26 posts

Posted 08 November 2009 - 08:07 PM

I tried to run ComboFix after redownloading it as suggested; the result was the same as before (KERNEL_DATA_INPAGE_ERROR). I wasn't sure if I should download the RSIT tool, but since I already had RootRepeal, I ran a quick scan with it, and here is that log. Let me know if you need any more info...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 20:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF84F2000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: actrpcsc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\actrpcsc.sys
Address: 0xF8A8F000 Size: 6272 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xAA819000 Size: 15968 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAAB07000 Size: 138368 File Visible: - Signed: -
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xF75C0000 Size: 16128 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF8466000 Size: 95360 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF8C85000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF8959000 Size: 16384 File Visible: - Signed: -
Status: -

Name: bcmwl5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Address: 0xF7B6C000 Size: 369024 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8AA1000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8951000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xAA8F9000 Size: 63744 File Visible: - Signed: -
Status: -

Name: Cdr4_xp.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS
Address: 0xF8741000 Size: 61152 File Visible: - Signed: -
Status: -

Name: Cdralw2k.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS
Address: 0xF88A9000 Size: 21856 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF8751000 Size: 49536 File Visible: - Signed: -
Status: -

Name: cdudf_xp.SYS
Image Path: C:\WINDOWS\System32\Drivers\cdudf_xp.SYS
Address: 0xAACE1000 Size: 241152 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF8581000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xF8A25000 Size: 14080 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF8955000 Size: 9344 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF8571000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF847E000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8A45000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF8711000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA969000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AB3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAAC82000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8BDF000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\System32\DRIVERS\e100b325.sys
Address: 0xF7B46000 Size: 154112 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xAA9E7000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xAA9CA000 Size: 118784 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8681000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF8446000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8A9F000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF84A4000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EC000 Size: 131968 File Visible: - Signed: -
Status: -

Name: hcmon.sys
Image Path: C:\WINDOWS\system32\Drivers\hcmon.sys
Address: 0xAA309000 Size: 40960 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF88F9000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
Address: 0xF78DF000 Size: 705280 File Visible: - Signed: -
Status: -

Name: HSF_DPV.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
Address: 0xF798C000 Size: 1033600 File Visible: - Signed: -
Status: -

Name: HSFHWICH.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
Address: 0xF7A89000 Size: 208000 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA9F41000 Size: 262784 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF8721000 Size: 52736 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA41000 Size: 983040 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA06000 Size: 241664 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E4000 Size: 139264 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
Address: 0xF7BFE000 Size: 1168736 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 61440 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8731000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF8701000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xAA9A9000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xAAC4F000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8541000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF88A1000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8A41000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF7ABC000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF841D000 Size: 92544 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Address: 0xAA511000 Size: 11840 File Visible: - Signed: -
Status: -

Name: mmc_2K.SYS
Image Path: C:\WINDOWS\System32\Drivers\mmc_2K.SYS
Address: 0xF88D9000 Size: 22688 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8AA3000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8891000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF8899000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8551000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xAA062000 Size: 179584 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xAAA45000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8909000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF87A1000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF82F4000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF8335000 Size: 107904 File Visible: - Signed: -
Status: -

Name: naveng.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\naveng.sys
Address: 0xA92B6000 Size: 78208 File Visible: - Signed: -
Status: -

Name: navex15.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\navex15.sys
Address: 0xA92CA000 Size: 1316864 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF8350000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF8A31000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xAA809000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF78A9000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF85B1000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF8641000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xAAB29000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF8911000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF837D000 Size: 574464 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8C41000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OMCI.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
Address: 0xF75CC000 Size: 12864 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF87C9000 Size: 18688 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF84E1000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8B09000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF87C1000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF84C3000 Size: 119936 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF7ADF000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF7898000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF88C1000 Size: 17792 File Visible: - Signed: -
Status: -

Name: pwd_2k.SYS
Image Path: C:\WINDOWS\System32\Drivers\pwd_2k.SYS
Address: 0xF78C0000 Size: 126944 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF87D1000 Size: 19392 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF8A21000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF8771000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF8781000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF8791000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF88C9000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xAAAB4000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8AA5000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xF77BF000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF8761000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA95BF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: savrt.sys
Image Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
Address: 0xAAEC8000 Size: 360448 File Visible: - Signed: -
Status: -

Name: Savrtpel.sys
Image Path: C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
Address: 0xAAE92000 Size: 81920 File Visible: - Signed: -
Status: -

Name: SCDEmu.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xF8661000 Size: 43776 File Visible: - Signed: -
Status: -

Name: SMCLIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\SMCLIB.SYS
Address: 0xAA32D000 Size: 16384 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF8434000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xA9E77000 Size: 333184 File Visible: - Signed: -
Status: -

Name: STAC97.sys
Image Path: C:\WINDOWS\system32\drivers\STAC97.sys
Address: 0xF7B03000 Size: 272896 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF8A91000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMDNS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Address: 0xF8919000 Size: 28672 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\Program Files\Symantec\SYMEVENT.SYS
Address: 0xAAEA6000 Size: 139264 File Visible: - Signed: -
Status: -

Name: SYMFW.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMFW.SYS
Address: 0xAAB93000 Size: 167936 File Visible: - Signed: -
Status: -

Name: SYMIDS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Address: 0xF8631000 Size: 49152 File Visible: - Signed: -
Status: -

Name: symidsco.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090925.001\symidsco.sys
Address: 0xAAB51000 Size: 270336 File Visible: - Signed: -
Status: -

Name: SYMNDIS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Address: 0xF8621000 Size: 45056 File Visible: - Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xF8611000 Size: 40960 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xAABBC000 Size: 241664 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xAA499000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xAABF7000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF88B1000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF85A1000 Size: 40704 File Visible: - Signed: -
Status: -

Name: UdfReadr_xp.SYS
Image Path: C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS
Address: 0xAAC9C000 Size: 206464 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF7766000 Size: 364160 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF8A97000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF8889000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF85D1000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF7BC7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF8881000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8901000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7BEA000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VMNET.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VMNET.SYS
Address: 0xAA80D000 Size: 12288 File Visible: - Signed: -
Status: -

Name: vmnetbridge.sys
Image Path: C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
Address: 0xF87E9000 Size: 23424 File Visible: - Signed: -
Status: -

Name: vmnetuserif.sys
Image Path: C:\WINDOWS\system32\drivers\vmnetuserif.sys
Address: 0xA9D7B000 Size: 15616 File Visible: - Signed: -
Status: -

Name: vmx86.sys
Image Path: C:\WINDOWS\system32\Drivers\vmx86.sys
Address: 0xAA04A000 Size: 94848 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8561000 Size: 52352 File Visible: - Signed: -
Status: -

Name: vstor2.sys
Image Path: C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
Address: 0xA9B8F000 Size: 11520 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF8691000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8939000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xAA364000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF8A43000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF840A000 Size: 77568 File Visible: - Signed: -
Status: -

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 November 2009 - 08:43 AM

Thanks. Now please run RSIT and post the log.
m0le is a proud member of UNITE

#15 moe0303

moe0303
  • Topic Starter

  • Members
  • 26 posts

Posted 09 November 2009 - 05:37 PM

Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-09 17:30:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 503 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:37, on 11/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\proquota.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R3 - URLSearchHook: (no name) - {473E2738-E5F2-D9F2-65C9-A8E775A0C7E4} - defect08.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {8afb78ff-4c8c-408e-a173-063eae953c42} - beromavu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.distance-education.itt-tech.edu
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtual...iveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111681466748
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B3400A4-257E-4D52-B573-90A84B283D32}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F119F32C-933C-4791-80BB-A3850827B45C}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {7C177970-312E-4F34-B175-E91631A1F04F} - C:\WINDOWS\system32\kbbh.dll
O18 - Filter: text/plain - {7C177970-312E-4F34-B175-E91631A1F04F} - C:\WINDOWS\system32\kbbh.dll
O21 - SSODL: jaziniyaz - {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll (file missing)
O21 - SSODL: judemimeg - {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll (file missing)
O21 - SSODL: tanikohir - {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\wayerode.dll (file missing)
O21 - SSODL: wehayotog - {b89d5657-3fbc-4173-a39a-8ec58ff02a51} - c:\windows\system32\bidifetu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\wayerode.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {b89d5657-3fbc-4173-a39a-8ec58ff02a51} - c:\windows\system32\bidifetu.dll (file missing)
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 10532 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8afb78ff-4c8c-408e-a173-063eae953c42}]
beromavu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-22 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"Corel Reminder"= []
"QuickPassword"=C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe [2002-08-29 131072]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-03-25 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-21 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-21 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmhcu.exe]
C:\WINDOWS\system32\dmhcu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-06-06 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-06-06 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IKL]
C:\Documents and Settings\All Users\Application Data\IKL\IKL.dll IKL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-03-25 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Push Client.LNK]
C:\INTERW~1\Student\pull.exe [2005-02-16 811008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=3
"ose"=3
"ISSVC"=2
"iPodService"=3
"gusvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
jaziniyaz - {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll []
judemimeg - {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll []
tanikohir - {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\wayerode.dll []
wehayotog - {b89d5657-3fbc-4173-a39a-8ec58ff02a51} - c:\windows\system32\bidifetu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
tokatiluy - {e666e78d-3a32-44af-bdee-3ec63436c7d6} - c:\windows\system32\wayerode.dll []
kupuhivus - {77a53e0e-6872-4f5a-a54c-3deb8ab25d4e} - c:\windows\system32\nifayoga.dll []
tokatiluy - {6c4be00a-d8c9-4988-83ce-d45dc6d8a7bf} - c:\windows\system32\wayerode.dll []
mujuzedij - {b89d5657-3fbc-4173-a39a-8ec58ff02a51} - c:\windows\system32\bidifetu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"=cskim.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoBandCustomize"=1
"NoDriveAutoRun"=55924053

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\TESTOUT\CMI\NAVIGATOR.EXE"="C:\Program Files\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator"
"C:\PROGRA~1\TESTOUT\cmi\Navigator.exe"="C:\PROGRA~1\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator"
"C:\WINDOWS\system32\per.exe"="C:\WINDOWS\system32\per.exe:*:Disabled:enable"
"C:\boot.inx"="C:\boot.inx:*:Disabled:enable"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Documents and Settings\Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\Administrator\Desktop\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Cerberus\Cerberus.exe"="C:\Program Files\Cerberus\Cerberus.exe:*:Disabled:Cerberus FTP Server"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\ComboFix\NirCmd.cfxxe"="C:\ComboFix\NirCmd.cfxxe:*:Enabled:NirCmd"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"="C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe:*:Enabled:VPTray"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TESTOUT\cmi\Navigator.exe"="C:\Program Files\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator"
"C:\PROGRA~1\TESTOUT\cmi\Navigator.exe"="C:\PROGRA~1\TESTOUT\cmi\Navigator.exe:*:Disabled:TestOut Navigator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-11-09 17:30:07 ----D---- C:\Program Files\trend micro
2009-11-09 17:30:04 ----D---- C:\rsit
2009-11-08 19:32:16 ----SD---- C:\ComFix
2009-11-06 16:39:15 ----A---- C:\WINDOWS\system32\proquota.exe
2009-11-06 15:10:42 ----A---- C:\Boot.bak
2009-11-06 15:10:26 ----RASHD---- C:\cmdcons
2009-11-06 15:04:50 ----A---- C:\WINDOWS\zip.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\SWSC.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\SWREG.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\sed.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\PEV.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\MBR.exe
2009-11-06 15:04:50 ----A---- C:\WINDOWS\grep.exe
2009-11-06 15:04:16 ----D---- C:\WINDOWS\ERDNT
2009-11-06 15:02:58 ----D---- C:\Qoobox
2009-10-19 19:00:52 ----D---- C:\Stuff
2009-10-17 23:52:23 ----A---- C:\RootRepeal report 10-18-09 (00-52-23).txt
2009-10-12 21:27:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 14:39:58 ----A---- C:\WINDOWS\system32\swsc.exe
2009-10-12 00:14:21 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-10-12 00:13:46 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2009-10-11 23:52:26 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-10-11 23:50:22 ----HD---- C:\Program Files\CanonBJ
2009-10-11 23:47:29 ----D---- C:\Program Files\Canon
2009-10-11 23:39:06 ----A---- C:\rapport2.txt
2009-10-11 23:26:30 ----A---- C:\WINDOWS\system32\tmp.txt
2009-10-11 23:23:27 ----A---- C:\rapport.txt
2009-10-11 20:13:57 ----D---- C:\SAIC
2009-10-11 18:31:08 ----D---- C:\Program Files\Common Files\Adobe
2009-10-11 18:02:06 ----D---- C:\Program Files\NOS
2009-10-11 18:02:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-10 17:55:43 ----D---- C:\found.001
2009-10-06 18:54:10 ----D---- C:\found.000
2009-10-04 11:35:52 ----D---- C:\Documents and Settings\Administrator\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-10-04 11:35:00 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-04 11:34:55 ----D---- C:\Program Files\DIRECTV
2009-10-02 21:32:20 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-09-12 10:36:52 ----D---- C:\Documents and Settings\Administrator\Application Data\Wireshark
2009-09-12 10:36:25 ----D---- C:\Program Files\WinPcap
2009-09-12 10:34:56 ----D---- C:\Program Files\Wireshark

======List of files/folders modified in the last 2 months======

2009-11-09 17:30:07 ----RD---- C:\Program Files
2009-11-09 17:29:27 ----D---- C:\WINDOWS\Prefetch
2009-11-09 17:24:50 ----D---- C:\Program Files\Mozilla Firefox
2009-11-09 09:06:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-09 06:17:25 ----D---- C:\WINDOWS\Temp
2009-11-09 06:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-11-09 06:12:20 ----SHD---- C:\WINDOWS\CSC
2009-11-09 02:48:01 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-08 19:59:45 ----D---- C:\WINDOWS\system32\drivers
2009-11-08 19:41:57 ----D---- C:\WINDOWS\system32
2009-11-08 19:41:57 ----D---- C:\WINDOWS\AppPatch
2009-11-08 19:41:57 ----D---- C:\WINDOWS
2009-11-08 19:41:45 ----D---- C:\Program Files\Common Files
2009-11-08 19:33:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-08 15:08:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-06 20:00:30 ----A---- C:\WINDOWS\system.ini
2009-11-06 16:40:58 ----D---- C:\WINDOWS\system32\config
2009-11-06 16:39:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 16:38:23 ----SHD---- C:\RECYCLER
2009-11-06 15:10:43 ----RASH---- C:\boot.ini
2009-10-13 18:40:30 ----SHD---- C:\WINDOWS\Installer
2009-10-13 18:40:28 ----D---- C:\Config.Msi
2009-10-13 18:40:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-13 02:32:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-12 00:13:03 ----HD---- C:\WINDOWS\inf
2009-10-11 18:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-11 18:31:08 ----D---- C:\Program Files\Adobe
2009-10-11 18:02:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-10 17:30:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-10 17:30:39 ----D---- C:\Program Files\RDS
2009-10-08 00:41:35 ----SD---- C:\WINDOWS\Tasks
2009-10-05 20:56:10 ----D---- C:\WINDOWS\Help
2009-10-05 20:47:22 ----D---- C:\WINDOWS\Minidump
2009-10-04 11:34:19 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-09-20 21:34:41 ----D---- C:\jump
2009-09-17 16:42:13 ----D---- C:\WINDOWS\network diagnostic
2009-09-12 10:27:16 ----D---- C:\Downloaded programs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-04-04 143834]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2005-04-04 206464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-04-04 17801]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2005-12-15 23424]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 Actrpcsc;Actrpcsc; C:\WINDOWS\system32\DRIVERS\actrpcsc.sys [2003-09-16 14784]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-06 369024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-03-17 1033600]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2005-03-17 208000]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-04-04 30630]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091002.003\navex15.sys []
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090925.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
R4 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 ACTR;Smart Card Reader; C:\WINDOWS\system32\drivers\ACTR.sys [2003-02-06 16408]
S3 actccid;ActivCard USB Reader V2; C:\WINDOWS\system32\DRIVERS\actccid.sys [2002-08-02 47660]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-04-04 25898]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2005-12-15 9600]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2005-12-15 21888]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acautoreg;ActivCard Gold Autoregister; C:\Program Files\Common Files\ActivCard\acautoreg.exe [2002-09-12 53248]
R2 Accoca;ActivCard Gold service; C:\Program Files\Common Files\ActivCard\accoca.exe [2004-08-11 143360]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-21 153376]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2004-11-11 356352]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2005-12-15 217088]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2005-12-15 106496]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2005-12-15 245760]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2005-12-15 135168]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S4 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
S4 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]

-----------------EOF-----------------


Info.txt

info.txt logfile of random's system information tool 1.06 2009-11-09 17:30:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivCard Gold-->MsiExec.exe /I{6E82345B-C2F5-4BDC-9692-4CBF5E531C9B}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Attune 2.3.2-->MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Canon iP2600 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
CorelDRAW 10-->C:\WINDOWS\Corel\uninst32.exe
CorelDRAW 10-->MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Ethereal 0.99.0-->"C:\Program Files\Ethereal\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Interwise Participant-->C:\Interwise\Student\iwuninst.exe
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 6.0 Professional Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NavFit98A-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\NavFit98A\ST6UNST.LOG"
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
PCI 7510 CardBus Controller with SmartCard and Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{252F9FB9-FC12-4B08-ADEB-F402BA3A8D28} /l1033
Photo Viewer-->MsiExec.exe /I{67183F00-3DDC-497B-A090-4E2B79EAF1CD}
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SC Audio Converter 7.1.0.0-->"C:\Program Files\SoftwareClub.WS\SC Audio Converter\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SopCore 1.1.2-->C:\Program Files\SopCast\uninst.exe
Supercast-->msiexec /qb /x {FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}
Supercast-->MsiExec.exe /I{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}
Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
TestOut LabSim-->C:\Program Files\TESTOUT\UNWISE32.EXE
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VMware Workstation-->MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
Wireshark 1.2.1-->"C:\Program Files\Wireshark\uninstall.exe"
Wisdom-soft AutoScreenRecorder 2.0 Free-->C:\PROGRA~1\WISDOM~2\UNWISE.EXE C:\PROGRA~1\WISDOM~2\INSTALL.LOG
Wisdom-soft ScreenHunter 4.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled) (outdated)
FW: Symantec Client Firewall (disabled)

======System event log======

Computer Name: MOE
Event Code: 602
Message: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

Record Number: 27376
Source Name: SCardSvr
Time Written: 20091004124121.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Record Number: 27365
Source Name: DCOM
Time Written: 20091004114233.000000-240
Event Type: error
User: MOE\Administrator

Computer Name: MOE
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

Record Number: 27364
Source Name: Service Control Manager
Time Written: 20091004114232.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Record Number: 27363
Source Name: Service Control Manager
Time Written: 20091004114227.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {B3D4216A-20AB-49E8-A04F-B7FCB2156315}

User: MOE\Administrator

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tdlserv;file:C:\WINDOWS\TEMP\39.tmp

Alert Type: Unclassified software

Detection Type:

Record Number: 27357
Source Name: WinDefend
Time Written: 20091003215233.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: MOE
Event Code: 51
Message:


Security Risk Found!Risk: Packed.Generic.233 in File: Unavailable by: Invalid : (15) scan. Action: Reboot Required. Action Description:



Record Number: 10723
Source Name: Symantec AntiVirus
Time Written: 20090818132544.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 46
Message:


Security Risk Found!Risk: Packed.Generic.233 in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.



Record Number: 10722
Source Name: Symantec AntiVirus
Time Written: 20090818132543.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 51
Message:


Security Risk Found!Risk: Packed.Generic.233 in File: Unavailable by: Invalid : (15) scan. Action: Reboot Required. Action Description:



Record Number: 10721
Source Name: Symantec AntiVirus
Time Written: 20090818132440.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 46
Message:


Security Risk Found!Risk: Packed.Generic.233 in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.



Record Number: 10720
Source Name: Symantec AntiVirus
Time Written: 20090818132438.000000-240
Event Type: error
User:

Computer Name: MOE
Event Code: 51
Message:


Security Risk Found!Risk: Packed.Generic.233 in File: Unavailable by: Invalid : (15) scan. Action: Reboot Required. Action Description:



Record Number: 10719
Source Name: Symantec AntiVirus
Time Written: 20090818132335.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ActivCard\ActivCard Gold\resources;C:\Program Files\Common Files\Adaptec Shared\System
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------