
Thread: Another person with Nebular BHO troubles

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    11

    Another person with Nebular BHO troubles

    The computer was running slow and I'd occasionally get IE windows popping up trying to connect to an XMLDataWebInfo.net (I think that was the name that popped up on the title bar) site. I have IE blocked by ZoneAlarm firewall, but it was nonetheless disturbing. Running SpyBot told me that I had an infection from Nebular BHO but the cleaning never stuck. Searching for Nebular BHO brought me here where it looks like people have been helped. I would much appreciate any help that can be rendered. The following is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:07:53 AM, on 6/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    H:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Prime95\prime95.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    H:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    N:\Steam\Steam.exe
    H:\Program Files\Pidgin\pidgin.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\GetRight\GetRight.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    H:\Program Files\Vuze\Azureus.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: D - {0961ADBB-521D-33EE-93A1-3C735377F6C0} - C:\WINDOWS\system32\xwr47045.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "N:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Pidgin] h:\Program Files\Pidgin\pidgin.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Azureus.lnk = H:\Program Files\Azureus\Azureus.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Hardware Monitor.lnk = C:\Program Files\SoltekHM\soltekHM.exe
    O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13153 bytes
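A first triage pass over the HijackThis entries in the log above, as an added example that is not part of the thread and not code from HijackThis or any other tool mentioned here. It parses the O2, O4 and O23 lines and flags what stands out in this particular log: a one-letter BHO backed by a randomly named DLL in system32, orphaned "(no file)" registrations, an autorun with no directory given, and a service with no owner and a missing binary. The regular expressions, reason tags and thresholds are my own heuristics; the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above,
# covering the three sections this triage looks at (O2 BHOs, O4 autoruns, O23 services).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: D - {0961ADBB-521D-33EE-93A1-3C735377F6C0} - C:\WINDOWS\system32\xwr47045.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>.*?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# DLL names of the shape seen in this log: a few letters followed by a run of digits (assumed heuristic).
RANDOM_DLL_RE = re.compile(r"^[a-z]{2,4}\d{4,6}\.dll$", re.IGNORECASE)
# An .exe sitting directly under a drive root, e.g. C:\Program.exe.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HijackThis section code: O2, O4 or O23
    reason: str   # short tag describing why the line was flagged
    line: str     # the log line that produced the finding


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _command_image(cmd):
    """First token of an O4 command line: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line):
    """Return the findings for one log line; an empty list means nothing stood out."""
    line = line.strip()
    found = []

    m = O2_RE.match(line)
    if m:
        name, path = m["name"], m["path"]
        if path == "(no file)":
            # Registration left behind after its DLL was removed: stale, but worth cleaning.
            found.append(Finding("O2", "orphaned_bho", line))
        if name in ("", "(no name)") or len(name) <= 2:
            # Legitimate BHOs almost always carry a descriptive name.
            found.append(Finding("O2", "unnamed_bho", line))
        if RANDOM_DLL_RE.match(_basename(path)) and "\\system32\\" in path.lower():
            found.append(Finding("O2", "random_named_dll_in_system32", line))
        return found

    m = O4_RE.match(line)
    if m:
        image = _command_image(m["cmd"])
        if image and "\\" not in image and not image.startswith("%"):
            # No directory given, so the file is located via the PATH search at logon;
            # confirm which copy actually runs before trusting the entry.
            found.append(Finding("O4", "unqualified_autorun_path", line))
        return found

    m = O23_RE.match(line)
    if m:
        owner, path = m["owner"], m["path"]
        if "(file missing)" in path:
            found.append(Finding("O23", "service_binary_missing", line))
        if owner == "Unknown owner":
            found.append(Finding("O23", "unknown_service_owner", line))
        if ROOT_EXE_RE.match(path.replace("(file missing)", "").strip()):
            # HijackThis shows an unquoted ImagePath with spaces cut at the first space,
            # which is how a "C:\Program Files\..." service ends up as "C:\Program.exe".
            found.append(Finding("O23", "root_level_exe_path", line))
    return found


def triage(log_text):
    """Run triage_line over every line of a HijackThis log and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Every flag is a prompt to verify, not a verdict: CTHELPER.EXE, for instance, is a normal Creative entry that simply omits its directory, while the MySQL service line collects three flags from one unquoted path.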

  2. #2
    peku006 (Emeritus - Security Expert)
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something, please don't hesitate to ask.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    1 - Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    2 - download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).


    3 - Status Check
    Please reply with

    1. the logs from RSIT (log.txt, info.txt)
    2. the Malwarebytes' Anti-Malware log

    Thanks, peku006
    I don't help with logs through PM. If you have problems, create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    11


    Here is the MBAM report. I need to reboot before running and posting the other one.

    Malwarebytes' Anti-Malware 1.37
    Database version: 2265
    Windows 5.1.2600 Service Pack 3

    6/12/2009 11:01:06 AM
    mbam-log-2009-06-12 (11-01-06).txt

    Scan type: Full Scan (C:\|F:\|G:\|H:\|I:\|M:\|N:\|)
    Objects scanned: 772765
    Time elapsed: 11 hour(s), 29 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0961adbb-521d-33ee-93a1-3c735377f6c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0961adbb-521d-33ee-93a1-3c735377f6c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{60a6cd6b-fef6-3e03-9d02-b8d74a48b871} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cc9eebbf-1141-3597-99a3-2b3e7395dd1d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0961adbb-521d-33ee-93a1-3c735377f6c0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\xwr47045.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    c:\program files\k-lite codec pack\tools\fixcodecs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wr47045.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

  4. #4
    Junior Member
    Join Date
    Jun 2009
    Posts
    11

    RSIT Logs

    Again, I must thank you for your assistance thus far.

    Info.txt:
    info.txt logfile of random's system information tool 1.06 2009-06-12 11:52:00

    ======Uninstall list======

    -->"C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
    -->"H:\Program Files\Einstein\uninstall.exe"
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
    ABC Amber LIT Converter-->H:\PROGRA~1\ABCAMB~1\UNWISE.EXE H:\PROGRA~1\ABCAMB~1\INSTALL.LOG
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    AFPL Ghostscript 8.53-->H:\Program Files\gs\uninstgs.exe "H:\Program Files\gs\gs8.53\uninstal.txt"
    AFPL Ghostscript Fonts-->H:\Program Files\gs\uninstgs.exe "H:\Program Files\gs\fonts\uninstal.txt"
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    And Yet It Moves Demo-->"N:\Steam\steam.exe" steam://uninstall/18710
    Apache Tomcat 5.5 (remove only)-->"C:\Program Files\Apache Software Foundation\Tomcat 5.5\Uninstall.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
    Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
    Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    Autodesk MotionBuilder 7.5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{22FAFE5D-A94C-4B5A-A628-DFF2FAB32885}
    Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    Beyond Good and Evil-->"N:\Steam\steam.exe" steam://uninstall/15130
    Bink and Smacker-->H:\PROGRA~1\RADVideo\UNWISE.EXE H:\PROGRA~1\RADVideo\INSTALL.LOG
    Blender (remove only)-->"H:\Program Files\Blender Foundation\Blender\uninstall.exe"
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Bullzip PDF Printer 6.0.0.766-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
    Call Of Cthulhu DCoTE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4406ED3-B04C-44F1-ABB4-08775B74934F}\Setup.exe" -l0x9
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Circus Rmpire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C58DEE92-BFF3-4037-9E37-E4C672FDDF7B}\setup.exe" -l0x9 -uninst -removeonly
    Condemned - Criminal Origins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}\setup.exe" -l0x9 -removeonly
    Creative Driver-->C:\WINDOWS\system32\ctdrvins /s /u /g
    DANCE v4-->"H:\Program Files\dance_v4\unins000.exe"
    Dark Messiah Might and Magic Single Player-->"N:\Steam\steam.exe" steam://uninstall/2100
    Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Sweeper 1.5.5-->"C:\Program Files\Driver Sweeper\unins000.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    E-Tools-->H:\Program Files\Wizards of the Coast\eTools\uninstall.exe
    Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
    Far Cry-->"N:\Steam\steam.exe" steam://uninstall/13520
    FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
    FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
    FLOCK! Demo-->"N:\Steam\steam.exe" steam://uninstall/21650
    Foxit Reader-->H:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\WINDOWS\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
    GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)-->C:\WINDOWS\SQLTools9_KB960089_ENU\Hotfix.exe /Uninstall
    GetRight-->"C:\Program Files\GetRight\unins000.exe"
    GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
    GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    GSview 4.8-->H:\Program Files\Ghostgum\gsview\uninstgs.exe "H:\Program Files\Ghostgum\gsview\uninstal.txt"
    GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
    Half-Life 2-->"N:\Steam\steam.exe" steam://uninstall/220
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    HP Photo and Imaging 2.1 - Scanjet 2400 Series-->MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
    IEEE 802.11g Wireless Cardbus/PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29F15D3F-5B37-44DB-BB89-390B3AD1404E}
    ImageMagick 6.4.7-7 Q8 (2008-12-15)-->"H:\Program Files\ImageMagick-6.4.7-Q8\unins000.exe"
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Jagged Alliance 2 v1.13 (EN) [1.0.0.2085]-->"M:\HDrive_New_Volume\Program Files\TalonSoft\Ja2\unins000.exe"
    Jagged Alliance 2-->C:\WINDOWS\IsUninst.exe -f"m:\hdrive_new_volume\Program Files\TalonSoft\Ja2\Uninst.isu"
    Java 2 Runtime Environment, SE v1.4.2_13-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
    Java 2 SDK, SE v1.4.2_13-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142130}
    Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    Licensing Service Install-->MsiExec.exe /I{343DBCC6-511C-46C7-B0B7-DD86F60843E5}
    LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Mafia-->I:\program files\Mafia\MafiaSetup.exe
    Magic ISO Maker v5.4 (build 0251)-->G:\PROGRA~1\MAGICISO\UNWISE.EXE G:\PROGRA~1\MAGICISO\INSTALL.LOG
    MagicDisc 2.5.79-->G:\PROGRA~1\MAGICD~1\UNWISE.EXE G:\PROGRA~1\MAGICD~1\INSTALL.LOG
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Metal Gear Solid-->H:\Program Files\Metal Gear Solid\Uninstal.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
    Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Dictation-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSDApp.inf, Uninstall
    Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft FxCop 1.35-->MsiExec.exe /I{846D9AAD-EA7D-4126-9177-F874FD389BE4}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsr.inf, Uninstall.NT
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
    Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
    Microsoft Visual Studio 2005 Professional Edition - ENU-->I:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
    Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
    Microsoft Windows Software Development Kit (6000.0.0)-->"H:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\SDKSetup.exe" -x "-source:H:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\1033\;C:\Documents and Settings\Duggan\Local Settings\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/a/7/7/a7767f09-0136-4a96-a1f8-276bf0ee31fa"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Music MasterWorks v3.94-->"j:\Program Files\MusicMasterWorks\unins001.exe"
    MySQL Server 5.0-->MsiExec.exe /I{984FFBAD-C445-442F-BC71-E2034F9A395B}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
    Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
    Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
    Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
    Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
    Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
    Oblivion - The Fighter's Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0A20753-92DF-4631-82B4-9CACE2FCED6A}\setup.exe" -l0x9 -removeonly
    Oblivion - Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
    Oblivion - Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
    Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
    Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    OGRE Demos 1.4.9-->MsiExec.exe /I{B3483083-1A14-4250-B196-AB82DE686742}
    OGRE SDK 1.6.1 for Visual C++ 2005-->N:\OgreSDK\uninst.exe
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}
    Operation Optimization v1.1.1-->"I:\Program Files\Bethesda Softworks\Oblivion\Operation Optimization\unins000.exe"
    Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
    Pidgin-->h:\Program Files\Pidgin\pidgin-uninst.exe
    PowerDVD-->C:\WINDOWS\IsUninst.exe -f"c:\Program Files\CyberLink\PowerDVD\Uninst.isu"
    Prime95-->"C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
    Psychonauts-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
    Python 2.5 numpy-1.2.1-->"H:\Python25\Removenumpy.exe" -u "H:\Python25\numpy-wininst.log"
    Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
    Python 3.0.1-->MsiExec.exe /I{DE2F2D9C-53E2-40EE-8209-74DA63CB060E}
    QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Rag Doll Kung Fu-->"N:\Steam\steam.exe" steam://uninstall/1002
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Return to Castle Wolfenstein - Platinum Edition-->M:\HDRIVE~1\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u M:\HDRIVE~1\PROGRA~1\RETURN~1\Uninstall\Install.log
    Saints Row 2-->"N:\Steam\steam.exe" steam://uninstall/9480
    SAPI 5.1 TTS-->MsiExec.exe /I{7F5DB67B-7F19-4D61-8EF1-AF1CDC0B673F}
    Second Sight-->"C:\WINDOWS\Via Mala IE\Second Sight\uninstall.exe" "/U:C:\WINDOWS\Via Mala IE\Second Sight\Uninstall\uninstall.xml"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Shader Designer 1.5.9.4-->"I:\Program Files\TyphoonLabs\Shader Designer\unins000.exe"
    Sin-->C:\WINDOWS\IsUninst.exe -f"H:\Program Files\Sin\SinUninst.isu"
    Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9
    SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sqirlz Morph-->C:\WINDOWS\Sqirlz Morph Uninstaller.exe
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Swiff Player 1.5-->"C:\Program Files\GlobFX\Swiff Player\unins000.exe"
    Symantec AntiVirus-->MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    sŽEIƒXƒsƒŠƒbƒcR1-->C:\WINDOWS\eiunin2.exe "H:\Program Files\gspririts_r1\install.DAT"
    The Sims 2 Open For Business-->H:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
    The Sims 2 University-->H:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
    The Sims™ 2 Deluxe-->H:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
    The Sims™ 2 Seasons-->H:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
    The Wonderful End of the World Trial v1.0-->"H:\Program Files\The Wonderful End of the World Trial\unins000.exe"
    TortoiseSVN 1.4.4.9706 (32 bit)-->MsiExec.exe /X{182A59A6-1AAB-44AC-9C37-59A2A88F2D70}
    TreeSize Free V2.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
    Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    Unofficial Oblivion Patch v1.6.1-->"I:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
    Unofficial Official Mods Patch v11-->"I:\Program Files\Bethesda Softworks\Oblivion\Unofficial Official Mods Patch\unins000.exe"
    Unofficial Shivering Isles Patch v1.2.0-->"I:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
    VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
    VIA Networking Velocity-Family Giga-bit Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Velocity $VNT
    VideoLAN VLC media player 0.8.6d-->g:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Virtual Hypnotist 5.7-->H:\Program Files\Virtual Hypnotist\uninst.exe
    Virtual Hypnotist Expansion Pack 2.0-->H:\Program Files\Virtual Hypnotist\uninstexp.exe
    WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    XviD MPEG-4 Codec-->"H:\Program Files\XviD\UninstXviD.exe"
    Ycopy 1.0d-->"C:\Program Files\Ycopy\unins000.exe"
    Zombie Shooter v 1.0-->"H:\Program Files\Sigma Team\Zombie Shooter\unins000.exe"
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    ?????????-->C:\WINDOWS\IsUn0411.exe -f"H:\Program Files\??????\?????????\maebari.isu"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition
    FW: ZoneAlarm Firewall

    ======System event log======

    Computer Name: SEAN-E76C5D3727
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 62954
    Source Name: Disk
    Time Written: 20090612112006.000000-240
    Event Type: error
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 62950
    Source Name: W32Time
    Time Written: 20090612095044.000000-240
    Event Type: warning
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk0\D.

    Record Number: 62944
    Source Name: Disk
    Time Written: 20090611200718.000000-240
    Event Type: error
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 60340
    Source Name: W32Time
    Time Written: 20090610113635.000000-240
    Event Type: warning
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 60328
    Source Name: Tcpip
    Time Written: 20090609071428.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: SEAN-E76C5D3727
    Event Code: 3
    Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

    Record Number: 2862
    Source Name: SQLBrowser
    Time Written: 20090515001920.000000-240
    Event Type: warning
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 12001
    Message:
    Record Number: 2825
    Source Name: usnjsvc
    Time Written: 20090514201333.000000-240
    Event Type:
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 3
    Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

    Record Number: 2793
    Source Name: SQLBrowser
    Time Written: 20090514200749.000000-240
    Event Type: warning
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 12001
    Message:
    Record Number: 2587
    Source Name: usnjsvc
    Time Written: 20090510102949.000000-240
    Event Type:
    User:

    Computer Name: SEAN-E76C5D3727
    Event Code: 3
    Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

    Record Number: 2553
    Source Name: SQLBrowser
    Time Written: 20090510102331.000000-240
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=h:\program files\imagemagick-6.4.7-q8;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;G:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Support Tools\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "VS80COMNTOOLS"=I:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "tvdumpflags"=8

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    11

    The logs were just a skitch too long to include both in one post.

    Log.txt:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Duggan at 2009-06-12 11:48:34
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 1 GB (4%) free of 33 GB
    Total RAM: 1023 MB (25% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:50:47 AM, on 6/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    H:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    H:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\GetRight\GetRight.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    H:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SoltekHM\soltekHM.exe
    F:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prime95\prime95.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    N:\Downloads\RSIT.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\Duggan.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "N:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Pidgin] h:\Program Files\Pidgin\pidgin.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Azureus.lnk = H:\Program Files\Azureus\Azureus.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Hardware Monitor.lnk = C:\Program Files\SoltekHM\soltekHM.exe
    O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13592 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-746137067-725345543-1003.job
    C:\WINDOWS\tasks\ParetoLogic Registration.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
    IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-27 124656]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-25 148888]
    "Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-18 29744]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2006-02-28 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-05 185632]
    "iTunesHelper"=H:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe [2001-10-04 28672]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
    "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]
    "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2007-04-09 19968]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "Aim6"= []
    "DAEMON Tools Lite"=H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
    "Steam"=N:\Steam\Steam.exe [2009-06-10 1217784]
    "Pidgin"=h:\Program Files\Pidgin\pidgin.exe [2009-05-19 45603]
    "Google Update"=C:\Documents and Settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-03 133104]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    GetRight.lnk - C:\Program Files\GetRight\GetRight.exe
    Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

    C:\Documents and Settings\Duggan\Start Menu\Programs\Startup
    Azureus.lnk - H:\Program Files\Azureus\Azureus.exe
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
    Hardware Monitor.lnk - C:\Program Files\SoltekHM\soltekHM.exe
    MagicDisc.lnk - F:\Program Files\MagicDisc\MagicDisc.exe
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-05-27 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoActiveDesktop"=00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "H:\Program Files\Azureus\Azureus.exe"="H:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "H:\Program Files\Curious Labs\Poser 6\Poser.exe"="H:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file"
    "H:\Program Files\Curious Labs\Poser 5\poser.exe"="H:\Program Files\Curious Labs\Poser 5\poser.exe:*:Disabled:Poser executable file"
    "H:\Program Files\RolePlayingMaster\dnd3e.exe"="H:\Program Files\RolePlayingMaster\dnd3e.exe:*:Enabled:dnd3e"
    "I:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="I:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
    "I:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="I:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
    "I:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="I:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
    "I:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="I:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
    "H:\Program Files\Gaim\gaim.exe"="H:\Program Files\Gaim\gaim.exe:*:Enabled:Gaim"
    "G:\Program Files\Sierra\FEAR\FEAR.exe"="G:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
    "G:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="G:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
    "G:\Program Files\Autodesk\Backburner\monitor.exe"="G:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "G:\Program Files\Autodesk\Backburner\manager.exe"="G:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
    "G:\Program Files\Autodesk\Backburner\server.exe"="G:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "H:\Program Files\iTunes\iTunes.exe"="H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "N:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe"="N:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil"
    "N:\Steam\steamapps\common\saints row 2\SR2_pc.exe"="N:\Steam\steamapps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2"
    "N:\Steam\steamapps\common\farcry\Bin32\FarCry.exe"="N:\Steam\steamapps\common\farcry\Bin32\FarCry.exe:*:Enabled:Far Cry"
    "N:\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe"="N:\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe:*:Enabled:Far Cry"
    "N:\Steam\steamapps\common\flock demo\Flock.exe"="N:\Steam\steamapps\common\flock demo\Flock.exe:*:Enabled:FLOCK! Demo"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2886fb0b-18b5-11dd-9cee-0069008c0094}]
    shell\AutoRun\command - L:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6087f540-5ee8-11dc-accd-0069008c0094}]
    shell\Auto\command - RavMon.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f004c6-96c7-11db-93b3-0069008c0094}]
    shell\AutoRun\command - F:\Autorun.exe


    ======List of files/folders created in the last 1 months======

    2009-06-12 11:48:34 ----D---- C:\rsit
    2009-06-11 20:31:51 ----D---- C:\Documents and Settings\Duggan\Application Data\Malwarebytes
    2009-06-11 20:31:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-06-11 20:31:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-10 00:08:06 ----SHD---- C:\Config.Msi
    2009-06-10 00:07:22 ----D---- C:\Program Files\Trend Micro
    2009-06-09 23:57:36 ----D---- C:\WINDOWS\ERDNT
    2009-06-09 23:53:44 ----D---- C:\Program Files\ERUNT
    2009-06-09 22:42:21 ----A---- C:\rollback.ini
    2009-06-09 22:24:36 ----D---- C:\Program Files\Common Files\ParetoLogic
    2009-06-09 22:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    2009-06-06 03:40:19 ----D---- C:\Documents and Settings\Duggan\Application Data\GetRight
    2009-06-06 03:39:38 ----D---- C:\Program Files\GetRight
    2009-06-01 23:43:28 ----A---- C:\WINDOWS\Rtcwplat.INI
    2009-05-30 02:21:24 ----A---- C:\WINDOWS\ModemLog_BCM V.90 56K Modem.txt
    2009-05-29 01:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
    2009-05-27 20:59:13 ----D---- C:\Documents and Settings\Duggan\Application Data\Foxit
    2009-05-27 00:53:45 ----D---- C:\Program Files\Microsoft
    2009-05-27 00:53:01 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-05-27 00:45:43 ----D---- C:\Program Files\Common Files\Windows Live
    2009-05-16 00:04:57 ----D---- C:\cygwin
    2009-05-15 22:31:26 ----A---- C:\smart.exe

    ======List of files/folders modified in the last 1 months======

    2009-06-12 11:50:59 ----D---- C:\Documents and Settings\Duggan\Application Data\Azureus
    2009-06-12 11:49:00 ----D---- C:\WINDOWS\Prefetch
    2009-06-12 11:48:21 ----D---- C:\Documents and Settings\Duggan\Application Data\.purple
    2009-06-12 11:31:40 ----D---- C:\Program Files\Symantec AntiVirus
    2009-06-12 11:30:49 ----D---- C:\WINDOWS\Internet Logs
    2009-06-12 11:24:21 ----D---- C:\WINDOWS\Temp
    2009-06-12 11:21:52 ----SD---- C:\WINDOWS\Tasks
    2009-06-12 11:21:29 ----D---- C:\WINDOWS\system32\drivers
    2009-06-12 11:06:33 ----D---- C:\WINDOWS\system32
    2009-06-12 11:05:22 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-12 11:05:14 ----D---- C:\Program Files\Prime95
    2009-06-12 11:03:47 ----A---- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-00581102}.BAK
    2009-06-11 23:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-06-11 20:31:22 ----RD---- C:\Program Files
    2009-06-11 20:07:17 ----SHD---- C:\WINDOWS\CSC
    2009-06-10 22:49:56 ----D---- C:\WINDOWS
    2009-06-10 02:39:24 ----HD---- C:\WINDOWS\inf
    2009-06-10 02:37:55 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-10 02:36:11 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-10 01:36:36 ----D---- C:\WINDOWS\AppPatch
    2009-06-10 01:26:34 ----SHD---- C:\WINDOWS\Installer
    2009-06-09 22:24:36 ----D---- C:\Program Files\Common Files
    2009-06-09 21:14:51 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-06-09 07:04:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-08 02:09:10 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-29 01:28:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-05-27 01:13:28 ----D---- C:\WINDOWS\WinSxS
    2009-05-27 00:52:21 ----RSD---- C:\WINDOWS\Fonts
    2009-05-27 00:52:02 ----D---- C:\Program Files\Windows Live
    2009-05-27 00:45:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2009-02-18 186128]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
    R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
    R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
    R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMDM.sys [2001-08-17 871388]
    R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
    R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
    R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 GETND5BV;VIA Networking Velocity-Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5bv.sys [2006-12-12 49152]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090608.007\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090608.007\navex15.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 aef572pj;aef572pj; C:\WINDOWS\system32\drivers\aef572pj.sys []
    S3 aef572pj;aef572pj; C:\WINDOWS\system32\drivers\aef572pj.sys []
    S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
    S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
    S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
    S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
    S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
    S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
    S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
    S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
    S3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 44032]
    S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
    S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
    S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
    S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
    S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WINIO;WINIO; \??\C:\Program Files\SoltekHM\winio.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
    R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-28 72704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-27 31472]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-21 152984]
    R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
    R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
    R2 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe [2005-08-09 4333568]
    R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-09-11 185632]
    R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
    R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-27 1805040]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
    S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); G:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-18 29744]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-27 115952]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
    S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    S3 Tomcat5;Apache Tomcat; C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2007-03-05 53248]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; I:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe /service msvsmon80 []

    -----------------EOF-----------------

  6. #6
    peku006 (Emeritus - Security Expert)
    Join Date: Feb 2007
    Location: Norway
    Posts: 3,103

    Hi DugganSC

    1 - Download and Run ComboFix

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs, see here.

    When finished, it will produce a log for you
    Please include the C:\ComboFix.txt in your next reply for further review.

    2 - Status Check
    Please reply with

    1. the ComboFix log (C:\ComboFix.txt)


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Junior Member
    Join Date: Jun 2009
    Posts: 11

    ComboFix 09-06-13.03 - Duggan 06/13/2009 19:25.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.423 [GMT -4:00]
    Running from: n:\downloads\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Duggan\Application Data\.#
    c:\windows\system32\drivers\str.sys
    c:\documents and settings\Duggan\Application Data\.#\MBX@10AC@B241B8.###
    c:\documents and settings\Duggan\Application Data\.#\MBX@10AC@B241E8.###
    c:\documents and settings\Duggan\Application Data\.#\MBX@10AC@B24218.###
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\system32\drivers\lzchgyxclz.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DWXLQUTDBY


    ((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
    .

    2009-06-12 15:48 . 2009-06-12 15:52 -------- d-----w- C:\rsit
    2009-06-12 00:31 . 2009-06-12 00:31 -------- d-----w- c:\documents and settings\Duggan\Application Data\Malwarebytes
    2009-06-12 00:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-12 00:31 . 2009-06-12 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-12 00:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-12 00:31 . 2009-06-12 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-10 04:07 . 2009-06-10 04:07 -------- d-----w- c:\program files\Trend Micro
    2009-06-10 03:53 . 2009-06-10 03:56 -------- d-----w- c:\program files\ERUNT
    2009-06-10 02:43 . 2009-06-14 00:07 5564448 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-06-10 02:43 . 2009-06-13 23:54 3691552 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-06-10 02:24 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-06-10 02:24 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-06-06 07:40 . 2009-06-13 22:41 -------- d-----w- c:\documents and settings\Duggan\Application Data\GetRight
    2009-06-06 07:39 . 2009-06-07 03:58 -------- d-----w- c:\program files\GetRight
    2009-05-28 00:59 . 2009-05-28 00:59 -------- d-----w- c:\documents and settings\Duggan\Application Data\Foxit
    2009-05-27 05:17 . 2009-06-13 23:59 -------- d-----w- c:\documents and settings\Duggan\Tracing
    2009-05-27 04:53 . 2009-05-27 04:53 -------- d-----w- c:\program files\Microsoft
    2009-05-27 04:53 . 2009-05-27 04:53 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-05-27 04:45 . 2009-05-27 04:45 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-05-16 04:04 . 2009-05-16 04:04 -------- d-----w- C:\cygwin
    2009-05-16 02:31 . 2003-12-22 02:44 32768 ----a-w- C:\smart.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-14 00:12 . 2006-12-16 09:39 -------- d-----w- c:\documents and settings\Duggan\Application Data\Azureus
    2009-06-14 00:10 . 2008-02-05 02:17 -------- d-----w- c:\documents and settings\Duggan\Application Data\.purple
    2009-06-14 00:08 . 2006-12-24 16:50 -------- d-----w- c:\program files\Symantec AntiVirus
    2009-06-13 23:55 . 2009-06-10 02:43 532808 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-06-13 23:54 . 2009-06-10 02:43 54140 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-06-13 23:54 . 2007-01-30 02:53 -------- d-----w- c:\program files\Prime95
    2009-06-13 23:13 . 2008-04-09 02:03 2514154 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2009-06-13 04:22 . 2007-03-17 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-06-11 12:56 . 2009-06-12 00:07 2873856 ----a-w- c:\windows\Internet Logs\xDB16.tmp
    2009-06-11 02:45 . 2009-06-11 02:47 2863104 ----a-w- c:\windows\Internet Logs\xDB15.tmp
    2009-06-10 01:14 . 2006-12-24 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-09 11:04 . 2006-12-24 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-06 06:42 . 2009-01-09 19:43 1 ----a-w- c:\documents and settings\Duggan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-05-28 01:21 . 2009-05-28 01:34 2815488 ----a-w- c:\windows\Internet Logs\xDB14.tmp
    2009-05-27 05:14 . 2006-12-16 19:48 30624 ----a-w- c:\documents and settings\Duggan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-27 04:52 . 2008-02-26 21:22 -------- d-----w- c:\program files\Windows Live
    2009-05-10 14:28 . 2009-05-10 14:28 8 ----a-w- c:\windows\system32\nvModes.dat
    2009-05-10 14:25 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-05-10 05:17 . 2009-05-10 05:19 2764288 ----a-w- c:\windows\Internet Logs\xDB13.tmp
    2009-05-09 19:28 . 2009-05-09 19:31 2767872 ----a-w- c:\windows\Internet Logs\xDB12.tmp
    2009-05-06 09:17 . 2009-05-06 09:28 2786304 ----a-w- c:\windows\Internet Logs\xDB11.tmp
    2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2009-04-29 03:47 . 2009-04-29 03:47 -------- d-----w- c:\documents and settings\Duggan\Application Data\Blender Foundation
    2009-04-23 02:41 . 2009-04-23 02:44 2764800 ----a-w- c:\windows\Internet Logs\xDB10.tmp
    2009-04-22 23:23 . 2009-04-28 11:49 2797468 ----a-w- c:\documents and settings\Duggan\Application Data\Mozilla\Firefox\Profiles\gespsfw2.Sean Duggan\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
    2009-04-15 10:32 . 2009-04-20 19:10 1365504 ----a-w- c:\windows\Internet Logs\xDBE.tmp
    2009-04-15 10:32 . 2009-04-20 19:10 2749440 ----a-w- c:\windows\Internet Logs\xDBF.tmp
    2009-04-10 03:14 . 2009-04-10 03:21 2750976 ----a-w- c:\windows\Internet Logs\xDBD.tmp
    2009-04-09 12:25 . 2009-04-09 12:25 294912 ----a-w- c:\windows\system32\xa374571421.exe
    2009-04-09 12:25 . 2009-04-09 12:25 294912 ----a-w- c:\windows\system32\xa374570781.exe
    2009-04-05 04:05 . 2009-04-05 04:07 2748416 ----a-w- c:\windows\Internet Logs\xDBC.tmp
    2009-04-04 14:47 . 2009-04-04 14:50 2735616 ----a-w- c:\windows\Internet Logs\xDBB.tmp
    2009-04-03 19:21 . 2008-01-19 00:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-03-30 04:24 . 2009-03-30 04:24 4096 ----a-w- c:\windows\d3dx.dat
    2009-03-28 19:30 . 2009-03-28 19:34 2621440 ----a-w- c:\windows\Internet Logs\xDBA.tmp
    2005-10-09 04:30 . 2006-12-16 09:54 96 ----a-w- c:\program files\Warnings.txt
    2005-10-09 04:30 . 2006-12-16 09:54 239 ----a-w- c:\program files\Morrowind.ini
    2005-10-09 04:30 . 2006-12-16 09:54 112 ----a-w- c:\program files\ProgramFlow.txt
    2008-08-18 04:17 . 2007-03-17 23:39 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-09-15 22:26 . 2006-12-16 09:56 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
    2008-04-12 19:09 . 2008-04-06 17:38 80 --sh--r- c:\windows\system32\2F0D90E023.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
    @="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
    @="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
    @="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
    @="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
    @="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
    @="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
    @="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
    2007-06-09 17:42 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    "Steam"="n:\steam\Steam.exe" [2009-06-11 1217784]
    "Pidgin"="h:\program files\Pidgin\pidgin.exe" [2009-05-19 45603]
    "Google Update"="c:\documents and settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-03 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 148888]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-06 185632]
    "iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
    "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

    c:\documents and settings\Duggan\Start Menu\Programs\Startup\
    Azureus.lnk - h:\program files\Azureus\Azureus.exe [2006-12-16 254976]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Hardware Monitor.lnk - c:\program files\SoltekHM\soltekHM.exe [2006-12-16 2096640]
    MagicDisc.lnk - f:\program files\MagicDisc\MagicDisc.exe [2008-1-27 557568]
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-6-6 4628752]
    Wireless Configuration Utility HW.51.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 454656]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "h:\\Program Files\\Azureus\\Azureus.exe"=
    "h:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"=
    "h:\\Program Files\\Curious Labs\\Poser 5\\poser.exe"=
    "h:\\Program Files\\RolePlayingMaster\\dnd3e.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "h:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "n:\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
    "n:\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
    "n:\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
    "n:\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
    "n:\\Steam\\steamapps\\common\\flock demo\\Flock.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49152:TCP"= 49152:TCP:Azureus Port Number
    "49152:UDP"= 49152:UDP:Azureus Port

    R2 dwxlqutdby;dwxlqutdby;c:\windows\system32\drivers\lzchgyxclz.sys [x]
    R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd5b.sys [2003-09-02 44032]
    R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-18 29744]
    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-05-27 115952]
    R3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2007-03-05 53248]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;i:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [x]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-12 101936]
    S3 GETND5BV;VIA Networking Velocity-Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd5bv.sys [2006-12-12 49152]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WINIO
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-17 20:02]

    2009-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-746137067-725345543-1003.job
    - c:\documents and settings\Duggan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-03 11:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
    IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-13 20:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WINIO]
    "ImagePath"="\??\c:\program files\SoltekHM\winio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(6120)
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\windows\system32\CF751.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Prime95\Prime95.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-14 20:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-14 00:25

    Pre-Run: 1,325,699,072 bytes free
    Post-Run: 2,064,416,768 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    278 --- E O F --- 2009-05-29 05:28

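The ComboFix report above lists the entries a helper reads first: a driver service (dwxlqutdby) whose file was already deleted and whose name looks machine-generated, Security Center monitoring switched off for both the antivirus and the firewall, and the Windows Firewall standard profile disabled. The following script is an added example, not part of this thread and not ComboFix's own code: it runs simple detection rules over ComboFix-style lines. The sample input is constructed from lines in the log posted above, and the rule names, the severity labels and the "random-looking name" heuristic are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 dwxlqutdby;dwxlqutdby;c:\windows\system32\drivers\lzchgyxclz.sys [x]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd5b.sys [2003-09-02 44032]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;i:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-12 101936]
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "review" (labels chosen for this example)
    rule: str
    line: str


# Service/driver lines: "<R|S><0-4> name;display name;path [date size]"; ComboFix
# prints "[x]" instead of date and size when the file was not found on disk.
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\]\s*$')
# Registry value lines: "Name"=value
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example) for generated names such as
    'lzchgyxclz': almost no vowels, or a long unbroken consonant run.
    Names shorter than six letters are too ambiguous and are left alone."""
    letters = re.sub(r'[^a-z]', '', name.lower())
    if len(letters) < 6:
        return False
    vowels = sum(ch in 'aeiou' for ch in letters)
    runs = re.findall(r'[^aeiou]+', letters)
    longest_run = max((len(r) for r in runs), default=0)
    return vowels / len(letters) <= 0.1 or longest_run >= 6


def _int_value(raw: str) -> Optional[int]:
    """Parse 'dword:00000001' or a leading decimal such as '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw.split(':', 1)[1], 16)
    m = re.match(r'^(\d+)', raw)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line, remembering the current registry key so
    value lines can be judged in context, and return the flagged entries."""
    findings: List[Finding] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1].lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, svc_name, _, path, meta = m.groups()
            if meta.strip() == 'x':  # file missing at scan time
                stem = re.sub(r'\.[^.\\]+$', '', path.rsplit('\\', 1)[-1])
                if looks_random(svc_name) or looks_random(stem):
                    findings.append(Finding('high', 'suspicious-driver', line))
                else:
                    findings.append(Finding('medium', 'driver-file-missing', line))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), _int_value(m.group(2))
            if 'security center\\monitoring' in current_key and name == 'disablemonitoring' and value == 1:
                findings.append(Finding('review', 'security-center-monitoring-disabled', line))
            elif 'firewallpolicy' in current_key and name == 'enablefirewall' and value == 0:
                findings.append(Finding('review', 'windows-firewall-disabled', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:7} {f.rule:38} {f.line}')
```

The two "review" rules are deliberately not rated high: security products such as ZoneAlarm and Symantec commonly set DisableMonitoring themselves to stop Security Center duplicating their alerts, and a third-party firewall normally leaves the Windows Firewall profile off. They are worth confirming against the installed products rather than treating as proof of infection, which is why the driver with a missing file and a generated-looking name is the only entry the script rates high.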
  8. #8
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi DugganSC

    1 - Update Java Runtime:

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
    • Go to HERE
    • Click on the link named Java Runtime Environment (JRE) 6 Update 14
    • Click on the radio button to Accept License Agreement
    • Click on Windows Offline Installation Multi-language and save the downloaded file to your hard disk
    • Go to Start => Control Panel => Add or Remove Programs
    • Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
    • Reboot your computer
    • Delete the folder C:\Program Files\Java if present
    • Install the new version by running the newly-downloaded file and follow the on-screen instructions.
    • Reboot your computer


    2 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
        Current User Temp
        All Users Temp
        Temporary Internet Files
        Prefetch
        Java Cache

        *The other boxes are optional*
        Then click the Empty Selected button.

      if you use Firefox:
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      if you use Opera:
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


      Click Exit on the Main menu to close the program


    3 - Kaspersky Online Scan

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.


    4 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    5 - Status Check
    Please reply with

    1. the Kaspersky online scanner report
    2. a fresh HijackThis log
    How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Junior Member
    Join Date
    Jun 2009
    Posts
    11

    Question

    The JRE download instructions varied somewhat from the actual webpage. I couldn't find "Java Runtime Environment (JRE) 6 Update 14" but there was "Java SE Runtime Environment 6u14". And the agreement button was a checkbox, not a radio button. I'm fairly certain that it's what you intended, but I thought I would mention it given the instructions are very explicit that we should follow your every step.

  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi DugganSC

    let´s try this........

    Download the latest version of JDK 6 Update 14.

    • Scroll down to where it says "JDK 6 Update 14".
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the newest version.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
