Spybot doesnt run/cant get to spybot websit

**chadillac** · 2009-05-12, 17:07

Hello,

I was told to put a new post here to replace the post I did last night under software.

I ran Spybot the other day and when I closed it, it went through a LONG process of unloading from the registry in which it found 3 problems. Something like "AskSbar" or something similar and a couple problems in the Mozilla directory. (I had the AskSbar directory in my program files, and it had one file which I cant remember what it was, not an executable. I deleted the directory and also uninstalled Mozilla.)

I ran Spybot again and got a clean scan. I downloaded a movie which required me to install a license. I was thinking I shouldn't but I did anyway, hoping it was a sincere bit torrent. I have since uninstalled the Movieplay license and erase ALL permissions in my zonealarm firewall.

Now when I start spybot I get the hourglass, but no loading of spybot. It is in the taskbar by the clock, I right click and select Run Spybot and the same thing happens (BASICALLY NOTHING).

I try to go to www.safer-networking.com and NONE of my browsers will go there. I try to ping www.safer-networking.com and get "Ping request could not find host... please check the name and try again"

I went to another computer on my network/satellite internet connection, everything worked GREAT!!!!! I got safer-networking IP address and entered that in MY browser and was able to get to the http://89.238.64.39/en/support/index.html website. I pinged the IP address and was SUCCESSFUL. Tried to ping the host name www.safer-networking.org and got the same error.

I CANT GET TO THE WEBSITE IN ORDER TO RE-INSTALL. The install wants to be online in order to download the files needed.

I can get to every other website I have tried.

Spybot has ALWAYS worked great for me in the past.

I apologize for such a long post but to understand you need details.

So... I'm running windows XP sp2.

I have had the problem of: spybot not loading, not being able to get to the www.safer-networking.org website, and not being able to ping the same website for over 2 days now.

It was just recently I went to the other computer and got the IP address via pinging the host name and used the IP on my web browser to get to this forum. Also, my dns cache has some strange websites I have not went to.

Now, I open the cmd window and ping the website name and get a response. OK, so I reinstall spybot and was successful and restart the computer.

- Spybot still will not run
- I am able to ping the safer networking website and get there via browser.
- my dns cache looks funny.. see below:

These should be the IPs of my satellite assigned DNS servers.
DNS 1: 148.78.249.200
DNS 2: 148.78.249.201

What I have is as follows:

OK... OK.... I just checked my TCP/IP properties on my Local Area Connection and somehow there is manual entries in the DNS. SOMETHING CHANGED IT!!!!

STILL DOESN'T EXPLAIN WHY SPYBOT WILL NOT RUN????
--------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:54 AM, on 5/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Chads Documents\Downloads\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com/en/downloa...trol_en_US.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189053778536
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.174,85.255.112.71
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ce34bbb4d010) (gupdate1c9ce34bbb4d010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9299 bytes

**Shaba** · 2009-05-13, 16:31

Hi chadillac

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

Post:

- mbam log
- rsit logs (taken after mbam run)

**chadillac** · 2009-05-14, 07:29

I did as you said and when I got to the finished window I made sure both were checked:
- Update Malwarebyte.....
- Run Malwarebyte.......

I clicked finish, I saw a little bit of activity in my TSR icons by the clock for zonealarm and the network connection. A LITTLE is key word.

Then nothing happened. I waited and Malwarebytes Anti-Malware never opened. I tried to install again and SAME THING. I tried the desktop icon and nothing other than a quick hourglass.

This is exactly what my Spybot is doing. IT DOES NOT OPEN.

I click on the Malwarebytes icon and I BRIEFLY get the hourglass icon and NOTHING else. This is what happens when I right click on the Spybot TSR icon and select run spybot or try to run spybot from the desktop icon.

THANK YOU FOR YOUR HELP,
CHAD

**Shaba** · 2009-05-14, 08:06

Yes that is due to infection. It blocks both Spybot and Malwarebytes as they can be able to remove infection if you are able to run them.

Please rename malwarebytes executable and try again.

**chadillac** · 2009-05-14, 19:03

Thank you, mbam2.exe ran just fine. Here are the logs.
The message text was too long so the info file is in next post.

Malwarebytes' Anti-Malware 1.36
Database version: 2131
Windows 5.1.2600 Service Pack 2

5/14/2009 9:45:13 AM
mbam-log-2009-05-14 (09-45-13).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 308315
Time elapsed: 36 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.174,85.255.112.71 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.174,85.255.112.71 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Chad\Start Menu\Programs\MoviesPlay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Chad\Local Settings\Temp\tmp179E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\YKSCI8QX\License.v.3[1].exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Default.SFX (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\RECYCLER\S-4-5-24-100005604-100023947-100028361-8605.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8220595-C3A7-48F6-834E-DA44340E6B1C}\RP214\A0070892.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8220595-C3A7-48F6-834E-DA44340E6B1C}\RP214\A0070894.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8220595-C3A7-48F6-834E-DA44340E6B1C}\RP214\A0070895.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8220595-C3A7-48F6-834E-DA44340E6B1C}\RP214\A0070896.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8220595-C3A7-48F6-834E-DA44340E6B1C}\RP214\A0070900.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\RECYCLER\S-4-5-24-100005604-100023947-100028361-8605.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
G:\RECYCLER\S-4-5-24-100005604-100023947-100028361-8605.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.

---------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chad at 2009-05-14 09:54:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (43%) free of 36 GB
Total RAM: 511 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:47 AM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chad\Desktop\RSIT.exe
D:\Chads Documents\Downloads\HiJackThis\Chad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celartem.com/en/downloa...trol_en_US.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189053778536
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ce34bbb4d010) (gupdate1c9ce34bbb4d010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8987 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-854245398-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-06 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-12 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-06 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2009-04-14 86016]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-19 148888]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-06 68856]
"Google Update"=C:\Documents and Settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2004-05-06 221696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-06-29 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-06 1836544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"Viewpoint Manager Service"=2
"usnjsvc"=3
"StarWindServiceAE"=2
"Sophos Message Router"=2
"Sophos AutoUpdate Service"=2
"Sophos Agent"=2
"SAVService"=2
"SAVAdminService"=2
"iPod Service"=3
"IDriverT"=3
"gusvc"=2
"GoogleDesktopManager"=3
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52d640-1d87-11dd-8db7-000ae66bfb4c}]
shell\AutoRun\command - H:\install\setup\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52d641-1d87-11dd-8db7-000ae66bfb4c}]
shell\AutoRun\command - I:\Setup.exe

======List of files/folders created in the last 1 months======

2009-05-14 09:54:38 ----D---- C:\rsit
2009-05-14 08:47:39 ----D---- C:\Documents and Settings\Chad\Application Data\Malwarebytes
2009-05-13 22:18:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-13 22:18:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-12 07:53:59 ----D---- C:\WINDOWS\ERDNT
2009-05-12 07:52:53 ----D---- C:\Program Files\ERUNT
2009-05-11 08:37:54 ----D---- C:\Stanislaus
2009-05-11 08:35:52 ----D---- C:\Chads Accident
2009-05-08 07:17:30 ----A---- C:\WINDOWS\wininit.ini
2009-05-05 02:30:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D0D0BE61-F9F3-4330-BF43-3FC63530C4E6}
2009-05-05 02:26:56 ----D---- C:\Program Files\WebEx
2009-05-05 02:25:39 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-05-05 02:25:17 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-05-05 02:21:39 ----A---- C:\t.txt
2009-05-05 02:19:14 ----A---- C:\Program Files\version.txt
2009-04-28 17:05:07 ----D---- C:\Program Files\LizardTech
2009-04-19 13:56:04 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-04-19 13:45:10 ----D---- C:\Documents and Settings\Chad\Application Data\DivX
2009-04-19 13:39:58 ----D---- C:\Program Files\InteractivePhysics2005
2009-04-19 11:17:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-19 11:17:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-19 11:17:53 ----A---- C:\WINDOWS\system32\java.exe
2009-04-19 11:17:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-19 08:58:50 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-19 06:11:55 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-04-19 06:11:52 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-04-19 06:11:52 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-04-19 06:11:43 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-04-19 06:11:41 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-04-19 06:11:41 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-04-19 06:11:41 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-04-19 06:11:40 ----D---- C:\Program Files\Zone Labs
2009-04-19 06:11:40 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-04-19 06:11:40 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-04-19 06:10:34 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-04-19 06:10:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-04-19 06:10:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-04-19 06:10:22 ----D---- C:\WINDOWS\Internet Logs
2009-04-18 20:03:43 ----D---- C:\Program Files\Apple Software Update
2009-04-17 01:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 01:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 01:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 01:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 01:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 01:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 04:39:47 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-16 04:39:43 ----D---- C:\Program Files\DivX

======List of files/folders modified in the last 1 months======

2009-05-14 09:55:51 ----D---- C:\WINDOWS\Temp
2009-05-14 09:55:25 ----D---- C:\WINDOWS\Prefetch
2009-05-14 09:53:06 ----D---- C:\Documents and Settings\Chad\Application Data\Skype
2009-05-14 09:51:09 ----D---- C:\WINDOWS\system32
2009-05-14 09:48:37 ----SD---- C:\WINDOWS\Tasks
2009-05-14 09:47:48 ----D---- C:\WINDOWS\system32\drivers
2009-05-14 09:46:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-14 09:45:12 ----SHD---- C:\RECYCLER
2009-05-14 09:45:12 ----D---- C:\Program Files\WinRAR
2009-05-13 22:18:38 ----RD---- C:\Program Files
2009-05-13 17:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-13 09:06:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-12 07:53:59 ----D---- C:\WINDOWS
2009-05-11 23:44:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-11 23:43:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-11 05:30:33 ----SHD---- C:\WINDOWS\CSC
2009-05-10 22:47:38 ----D---- C:\Documents and Settings\Chad\Application Data\uTorrent
2009-05-10 09:19:01 ----D---- C:\WINDOWS\Help
2009-05-10 09:17:13 ----A---- C:\WINDOWS\win.ini
2009-05-10 07:44:12 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-09 15:01:04 ----D---- C:\Documents and Settings\Chad\Application Data\Mozilla
2009-05-08 02:43:45 ----D---- C:\Program Files\ICQ6
2009-05-07 00:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-06 03:24:20 ----SHD---- C:\WINDOWS\Installer
2009-05-05 02:32:39 ----SHD---- C:\Config.Msi
2009-05-05 02:27:32 ----D---- C:\Program Files\Linksys
2009-05-05 02:27:05 ----A---- C:\WINDOWS\brwmark.ini
2009-05-05 02:27:05 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-05-05 02:25:52 ----HD---- C:\WINDOWS\inf
2009-05-05 02:25:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-05 02:25:39 ----D---- C:\Program Files\Common Files
2009-05-05 02:21:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-02 00:56:41 ----D---- C:\Documents and Settings\Chad\Application Data\Move Networks
2009-04-29 17:11:22 ----SD---- C:\Documents and Settings\Chad\Application Data\Microsoft
2009-04-28 17:05:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-27 20:53:25 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-27 08:18:23 ----D---- C:\WINDOWS\system32\Macromed
2009-04-26 20:09:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-26 14:54:30 ----RD---- C:\Program Files\Skype
2009-04-26 14:54:30 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-04-23 10:27:27 ----D---- C:\WINDOWS\security
2009-04-19 19:02:46 ----D---- C:\WINDOWS\system32\wbem
2009-04-19 19:02:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 11:17:12 ----D---- C:\Program Files\Java
2009-04-19 09:18:21 ----D---- C:\WINDOWS\WinSxS
2009-04-19 09:18:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
2009-04-19 09:17:45 ----D---- C:\Program Files\Sophos
2009-04-17 01:29:25 ----D---- C:\Program Files\Internet Explorer
2009-04-17 01:29:24 ----D---- C:\WINDOWS\AppPatch
2009-04-17 01:12:21 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 01:11:13 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 01:10:44 ----D---- C:\WINDOWS\ie7updates
2009-04-17 01:08:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 04:04:42 ----D---- C:\WINDOWS\network diagnostic
2009-04-16 01:13:37 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-29 47360]
R3 PD1030VID;Creative WebCam Pro; C:\WINDOWS\system32\DRIVERS\p1030vid.sys [2002-05-20 167673]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2005-12-19 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 axjgaxy2;axjgaxy2; C:\WINDOWS\system32\drivers\axjgaxy2.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2001-08-17 19200]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-19 152984]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S2 gupdate1c9ce34bbb4d010;Google Update Service (gupdate1c9ce34bbb4d010); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-06 1836544]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

**chadillac** · 2009-05-14, 19:04

info.txt logfile of random's system information tool 1.06 2009-05-14 09:56:04

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->C:\WINDOWS\WEBDELC.EXE -[PC-CAM Center
-->C:\WINDOWS\WEBDELC.EXE -[WebCam Monitor
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
ClamWin Free Antivirus 0.95.1-->"C:\Program Files\ClamWin\unins000.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Combined Community Codec Pack 2006-12-15-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative PC-CAM Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PC-CAM Center\DeIsL1.isu"
Creative WebCam Monitor-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Monitor\DeIsL1.isu"
Creative WebCam Pro Driver-->C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin p1030pin.dll -pluginres p1030pin.crl
Creative WebCam Pro Manual (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Pro Manual\English\CTManual.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FOX Video Studio 8.0.8.24-->"C:\Program Files\FOX Video Studio\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
FrostWire 4.13.4-->C:\Program Files\FrostWire\Uninstall.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Photos Screensaver-->MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"D:\Chads Documents\Downloads\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6-->C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Linksys EasyLink Advisor-->"C:\Documents and Settings\All Users\Application Data\{D0D0BE61-F9F3-4330-BF43-3FC63530C4E6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{7FE3214C-283E-40C6-A8D5-CB773110090C}\setup.exe" -runfromtemp -l0x0409 -removeonly
Linksys EasyLink Advisor-->C:\Documents and Settings\All Users\Application Data\{D0D0BE61-F9F3-4330-BF43-3FC63530C4E6}\setup.exe
Lizardtech DjVu Control (autoinstall)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NHL 2005-->C:\Program Files\EA SPORTS\NHL 2005\EAUninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarOffice 8-->MsiExec.exe /I{86E2FE20-6679-4F30-B8E0-36D5BF6018BE}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.7-->"C:\Program Files\WinSCP\unins000.exe"
XChat 2 (remove only)-->"C:\Program Files\xchat\uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

======Security center information======

FW: ZoneAlarm Firewall

======System event log======

Computer Name: CHADSDESKTOP
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 1488
Source Name: sptd
Time Written: 20090412000627.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 1487
Source Name: sptd
Time Written: 20090412000627.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 1486
Source Name: sptd
Time Written: 20090412000627.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 1485
Source Name: sptd
Time Written: 20090412000627.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 1484
Source Name: sptd
Time Written: 20090412000627.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: CHADSDESKTOP
Event Code: 8006
Message:
Record Number: 4651
Source Name: Sophos Message Router
Time Written: 20080602220749.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CHADSDESKTOP
Event Code: 1000
Message: Faulting application QuickTimePlayer.exe, version 7.4.1.14, faulting module QuickTimePlayer.exe, version 7.4.1.14, fault address 0x0000130d.

Record Number: 4647
Source Name: Application Error
Time Written: 20330824031008.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 1000
Message: Faulting application itunes.exe, version 7.6.1.9, faulting module quicktime.qts, version 7.4.1.14, fault address 0x0028234d.

Record Number: 4646
Source Name: Application Error
Time Written: 19700331224628.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 1000
Message: Faulting application itunes.exe, version 7.6.1.9, faulting module quicktime.qts, version 7.4.1.14, fault address 0x0028234d.

Record Number: 4644
Source Name: Application Error
Time Written: 19700517051444.000000-420
Event Type: error
User:

Computer Name: CHADSDESKTOP
Event Code: 8006
Message:
Record Number: 4641
Source Name: Sophos Message Router
Time Written: 19691231160000.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

**Shaba** · 2009-05-14, 19:08

Download gmer.zip and save to your desktop.
alternate download site

Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE"

Important! Please do not select the "Show all" checkbox during the scan..

**chadillac** · 2009-05-15, 18:20

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-15 09:04:42
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF8566028]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF6AFBFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF6AF8C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF6B13170]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF8559B00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF6AFC580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF6B10900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF6B10B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF6B14B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF6AFC670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF6AF9210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF6B139F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF6B137A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF6B10280]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF855A5DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF8566120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF6B13F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF6B13F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF6AF9070]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF8565FA4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF6B12180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF6B11F40]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF855A5FC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF8566076]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF6B146F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF6B14150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF6AFBBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF6B14540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF6AFC190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF6AF9440]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF8565550]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF6B134E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF6B11200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF6B11080]

INT 0x35 ? 833DDBF8
INT 0x3A ? 833DDBF8
INT 0x3A ? 833DDBF8
INT 0x3A ? 833DDBF8
INT 0x3B ? 833DDBF8
INT 0x3B ? 833DDBF8
INT 0x3E ? 83371BF8
INT 0x3F ? 83371BF8

Code 830E5B78 ZwFlushInstructionCache
Code 831B7196 IofCallDriver
Code 831B877E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + B0 804E270C 2 Bytes [28, 60]
.text ntoskrnl.exe!_abnormal_termination + B3 804E270F 1 Byte [F8]
.text ntoskrnl.exe!_abnormal_termination + 100 804E275C 16 Bytes [00, 9B, 55, F8, 80, C5, AF, ...] {ADD [EBX-0x3a7f07ab], BL; SCASD ; TEST BYTE [EAX], 0x9; MOV CL, 0xf6; ADC [EBX], CL; MOV CL, 0xf6}
.text ntoskrnl.exe!_abnormal_termination + 1D5 804E2831 7 Bytes [3F, B1, F6, 90, 3F, B1, F6] {AAS ; MOV CL, 0xf6; NOP ; AAS ; MOV CL, 0xf6}
.text ntoskrnl.exe!_abnormal_termination + 228 804E2884 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text ...
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 831B719B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 831B8783
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 830E5B7C
? opcr.sys The system cannot find the file specified. !
? spwo.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7F2B62C 5 Bytes JMP 833DD1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833E02D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F85C993C] spwo.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F85C9990] spwo.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F85A9D92] spwo.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833DD2D8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F6AFEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F6AFEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F6AFEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6AFEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F6B19B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6B00B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6AFEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6B01260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6B00930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F6AF9980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F6AF98D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F6AF9A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F6AF95E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 833DC1F8
Device \FileSystem\Fastfat \FatCdrom 830BD500
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbehci \Device\USBPDO-0 83046500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D20DAF4F-B7F7-410D-8F60-4D44936A6B42} 82F181F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 833DE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 833DE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 833DE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 833DE1F8
Device \Driver\usbuhci \Device\USBPDO-1 83034500
Device \Driver\usbohci \Device\USBPDO-2 830F01F8
Device \Driver\usbuhci \Device\USBPDO-3 83034500
Device \Driver\usbohci \Device\USBPDO-4 830F01F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Ftdisk \Device\HarddiskVolume1 833721F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 833721F8
Device \FileSystem\Rdbss \Device\FsWrap 8307D248
Device \Driver\Ftdisk \Device\HarddiskVolume3 833721F8
Device \Driver\Cdrom \Device\CdRom1 8303BCB8
Device \Driver\atapi \Device\Ide\IdePort0 831A14E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 831A14E8
Device \Driver\atapi \Device\Ide\IdePort1 831A14E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 831A14E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 831A14E8
Device \Driver\USBSTOR \Device\00000067 83185500
Device \Driver\USBSTOR \Device\00000068 83185500
Device \Driver\NetBT \Device\NetBt_Wins_Export 82F181F8
Device \Driver\NetBT \Device\NetbiosSmb 82F181F8
Device \FileSystem\Srv \Device\LanmanServer 830833D0
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbohci \Device\USBFDO-0 830F01F8
Device \Driver\usbohci \Device\USBFDO-1 830F01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82E4A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83100188
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 83034500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82E4A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83100188
Device \Driver\usbuhci \Device\USBFDO-3 83034500
Device \FileSystem\Npfs \Device\NamedPipe 830E0AD8
Device \Driver\usbehci \Device\USBFDO-4 83046500
Device \Driver\Ftdisk \Device\FtControl 833721F8
Device \FileSystem\Msfs \Device\Mailslot 830DF8D0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 FE818BA8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 FE818BA8
Device \FileSystem\Fastfat \Fat 830BD500
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 831A5AA0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 831A5AA0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 831A5AA0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 831A5AA0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 831A5AA0
Device \FileSystem\Cdfs \Cdfs 83192500

---- Modules - GMER 1.0.15 ----

Module _________ F84BC000-F84D4000 (98304 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40 0xE1 0x7B 0x6E 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41@ljej40 0xD2 0xEB 0xEF 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41@ljej41 0xC9 0xEB 0xEF 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41@ljej42 0xCE 0xEB 0xEF 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41@ljej43 0xC8 0xEB 0xEF 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcixcijyuyanxuwlofijywfifsttyofpjk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x98 0xC4 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDE 0x6B 0x51 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x60 0xD5 0x31 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x98 0xC4 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDE 0x6B 0x51 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x60 0xD5 0x31 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x98 0xC4 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDE 0x6B 0x51 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x60 0xD5 0x31 0x40 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x98 0xC4 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDE 0x6B 0x51 0x4F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x60 0xD5 0x31 0x40 ...
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcixcijyuyanxuwlofijywfifsttyofpjk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF8 0x98 0xC4 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDE 0x6B 0x51 0x4F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x60 0xD5 0x31 0x40 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys 66944 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gxvxcixcijyuyanxuwlofijywfifsttyofpjk.dll 26625 bytes executable

---- EOF - GMER 1.0.15 ----

**Shaba** · 2009-05-15, 18:36

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

**chadillac** · 2009-05-15, 20:00

ComboFix 09-05-15.01 - Chad 05/15/2009 10:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.248 [GMT -7:00]
Running from: c:\documents and settings\Chad\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\version.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\gxvxckwuygmwbqijheahgfvxrsvaoadwetnie.sys
c:\windows\system32\gxvxcixcijyuyanxuwlofijywfifsttyofpjk.dll
D:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS

((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-14 16:54 . 2009-05-14 16:56 -------- d-----w C:\rsit
2009-05-14 15:47 . 2009-05-14 15:47 -------- d-----w c:\documents and settings\Chad\Application Data\Malwarebytes
2009-05-14 05:18 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 05:18 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 05:18 . 2009-05-14 05:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 05:18 . 2009-05-14 15:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 14:52 . 2009-05-12 14:53 -------- d-----w c:\program files\ERUNT
2009-05-11 15:37 . 2009-05-11 15:40 -------- d-----w C:\Stanislaus
2009-05-11 15:35 . 2009-05-11 15:36 -------- d-----w C:\Chads Accident
2009-05-05 09:30 . 2009-05-05 09:30 -------- dc-h--w c:\documents and settings\All Users\Application Data\{D0D0BE61-F9F3-4330-BF43-3FC63530C4E6}
2009-05-05 09:26 . 2009-05-05 09:26 -------- d-----w c:\program files\WebEx
2009-05-05 09:25 . 2008-12-13 01:05 23984 ----a-w c:\windows\system32\drivers\pnarp.sys
2009-05-05 09:25 . 2008-12-13 01:05 25264 ----a-w c:\windows\system32\drivers\purendis.sys
2009-05-05 09:25 . 2009-05-05 09:25 -------- d-----w c:\program files\Common Files\Pure Networks Shared
2009-05-05 09:25 . 2009-05-05 09:25 -------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2009-04-29 00:05 . 2009-04-29 00:05 -------- d-----w c:\program files\LizardTech
2009-04-19 20:56 . 2002-05-08 10:02 110592 ----a-w c:\windows\system32\tsccvid.dll
2009-04-19 20:45 . 2009-04-19 20:45 -------- d-----w c:\documents and settings\Chad\Application Data\DivX
2009-04-19 20:39 . 2009-04-19 20:41 -------- d-----w c:\program files\InteractivePhysics2005
2009-04-19 18:17 . 2009-04-19 18:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 16:29 . 2009-04-19 16:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-04-19 13:12 . 2009-04-19 13:12 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-19 13:11 . 2009-02-16 07:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-19 13:11 . 2009-04-19 13:12 -------- d-----w c:\windows\system32\ZoneLabs
2009-04-19 13:11 . 2009-04-19 13:11 -------- d-----w c:\program files\Zone Labs
2009-04-19 13:10 . 2009-05-15 17:44 -------- d-----w c:\windows\Internet Logs
2009-04-19 03:03 . 2009-04-19 03:03 -------- d-----w c:\program files\Apple Software Update
2009-04-17 19:35 . 2009-04-17 19:37 -------- d-----w c:\documents and settings\Chad\Local Settings\Application Data\Deployment
2009-04-16 13:21 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 13:21 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 13:21 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 13:21 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 13:21 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 13:21 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 13:21 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 13:21 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 13:21 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 13:19 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 11:39 . 2009-04-16 11:40 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-16 11:39 . 2009-04-16 11:41 -------- d-----w c:\program files\DivX
2009-04-16 08:13 . 2009-04-16 08:13 -------- d-----w c:\temp\google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 06:43 . 2007-09-06 07:19 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 09:43 . 2007-09-20 16:26 -------- d-----w c:\program files\ICQ6
2009-05-05 09:27 . 2007-10-15 19:40 -------- d-----w c:\program files\Linksys
2009-05-05 09:21 . 2007-09-06 01:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 07:50 . 2009-01-24 03:03 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-05 07:48 . 2007-10-15 19:53 237640 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-26 21:54 . 2007-09-06 21:44 -------- d-----r c:\program files\Skype
2009-04-19 18:17 . 2007-09-06 21:55 -------- d-----w c:\program files\Java
2009-04-19 16:17 . 2007-09-06 04:36 -------- d-----w c:\program files\Sophos
2009-04-12 03:19 . 2009-04-12 03:19 -------- d-----w c:\program files\MSXML 6.0
2009-04-12 00:08 . 2007-09-06 21:40 -------- d-----w c:\program files\Google
2009-04-11 23:20 . 2009-04-11 23:20 -------- d-----w c:\program files\ClamWin
2009-04-11 20:42 . 2007-09-06 05:52 71832 ----a-w c:\documents and settings\Chad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 20:15 . 2009-03-31 20:15 -------- d-----w c:\program files\Common Files\L&H
2009-03-31 20:15 . 2009-03-31 20:15 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-31 20:14 . 2009-03-31 20:14 -------- d-----w c:\program files\Microsoft Works
2009-03-31 20:13 . 2009-03-31 20:13 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 14:44 . 2001-08-23 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2001-08-23 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 19:35 . 2007-11-14 07:21 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2007-09-20 15:16 120056 ------w c:\windows\system32\PxCpyI64.exe
2009-02-24 19:35 . 2007-09-20 15:16 118520 ------w c:\windows\system32\PxInsI64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]
"Google Update"="c:\documents and settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-04-14 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Sophos Message Router"=2 (0x2)
"Sophos AutoUpdate Service"=2 (0x2)
"Sophos Agent"=2 (0x2)
"SAVService"=2 (0x2)
"SAVAdminService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Disc Detector"=c:\program files\Creative\ShareDLL\CtNotify.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/3/2008 10:15 PM 24652]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [9/9/2007 11:21 PM 167673]
S2 gupdate1c9ce34bbb4d010;Google Update Service (gupdate1c9ce34bbb4d010);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 5:05 PM 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d52d641-1d87-11dd-8db7-000ae66bfb4c}]
\Shell\AutoRun\command - I:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-06 07:19]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 00:05]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-854245398-1003.job
- c:\documents and settings\Chad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 19:37]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 10:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3636)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-05-15 10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 17:53

Pre-Run: 17,387,085,824 bytes free
Post-Run: 17,488,003,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
246 --- E O F --- 2009-05-14 08:00

Thread: Spybot doesnt run/cant get to spybot websit

Thread Tools

Display

Spybot doesnt run/cant get to spybot websit

I TRIED to do as you said

RSIT info log

Gmer.txt

Combofix log

Posting Permissions