Hello, ran the tools requested. Here is the output.
mbam-log
Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 6.0.6001 Service Pack 1
4/12/2009 2:53:06 PM
mbam-log-2009-04-12 (14-53-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 281105
Time elapsed: 1 hour(s), 11 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Datz at 2009-04-12 15:07:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 55 GB (38%) free of 143 GB
Total RAM: 3582 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:13 PM, on 4/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Datz\Desktop\putty.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Datz\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Datz.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - e:\Projects\Shareaza\plugins\RazaWebHook\Win32\Debug\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShareazaPlus Web Download Hook - {57E8CB3A-36CE-4a0c-BE27-95E1196372CC} - C:\Program Files\ShareazaPlus\Plugins\RazaWebHook.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {921D5634-238E-4FA0-A46B-50FC8341BA57} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &Shareaza - res://e:\Projects\Shareaza\plugins\RazaWebHook\Win32\Debug\RazaWebHook32.dll/3000
O8 - Extra context menu item: Download with &ShareazaPlus - res://C:\Program Files\ShareazaPlus\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7ACFBA-06D3-487F-8C55-81E71EF37FF2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A7ACFBA-06D3-487F-8C55-81E71EF37FF2}: NameServer = 192.168.0.1
O23 - Service: Google Update Service (gupdate1c98dfd6c16b6c0) (gupdate1c98dfd6c16b6c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7034 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{42F3C383-5FFE-4A33-AD3A-E231058A6DB4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - e:\Projects\Shareaza\plugins\RazaWebHook\Win32\Debug\RazaWebHook32.dll [2009-04-06 638976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E8CB3A-36CE-4a0c-BE27-95E1196372CC}]
ShareazaPlus Web Download Hook - C:\Program Files\ShareazaPlus\Plugins\RazaWebHook.dll [2008-08-21 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{921D5634-238E-4FA0-A46B-50FC8341BA57}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-03 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-03 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-28 96816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-22 167368]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-02-01 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater.lnk.disabled]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater.lnk.disabled []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae4c09c1-f276-11dd-a5ee-005056c00008}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0b86a82-bbf8-11dd-a922-001d7da9025c}]
shell\AutoRun\command - G:\autorun.exe
======List of files/folders created in the last 1 months======
2009-04-12 15:07:09 ----D---- C:\rsit
2009-04-12 11:39:22 ----D---- C:\Users\Datz\AppData\Roaming\Malwarebytes
2009-04-12 11:39:18 ----D---- C:\ProgramData\Malwarebytes
2009-04-12 11:39:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-12 05:15:13 ----D---- C:\Windows\pss
2009-04-12 02:14:08 ----A---- C:\Windows\AviSplitter.INI
2009-04-12 00:42:59 ----D---- C:\Users\Datz\AppData\Roaming\DivX
2009-04-12 00:41:24 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-12 00:34:30 ----D---- C:\Users\Datz\AppData\Roaming\Dr. DivX 2.0 OSS
2009-04-12 00:34:30 ----D---- C:\Program Files\DivX
2009-04-11 22:36:19 ----D---- C:\Users\Datz\AppData\Roaming\Ahead
2009-04-11 22:34:12 ----D---- C:\Program Files\Nero
2009-04-11 22:34:12 ----D---- C:\Program Files\Common Files\Ahead
2009-04-11 21:30:53 ----D---- C:\ProgramData\DVD Shrink
2009-04-11 21:30:52 ----D---- C:\Program Files\DVD Shrink
2009-04-11 18:31:22 ----D---- C:\Program Files\Trend Micro
2009-04-11 16:25:41 ----D---- C:\Program Files\CCleaner
2009-04-10 21:36:43 ----D---- C:\VundoFix Backups
2009-04-10 21:36:43 ----A---- C:\VundoFix.txt
2009-04-09 13:40:00 ----A---- C:\Windows\wininit.ini
2009-04-09 13:03:15 ----A---- C:\Windows\system32\1d320ffd-.txt
2009-04-09 12:57:14 ----D---- C:\ProgramData\LightScribe
2009-04-09 12:56:57 ----D---- C:\Users\Datz\AppData\Roaming\Nero
2009-04-09 12:20:17 ----D---- C:\Program Files\Common Files\LightScribe
2009-04-07 23:24:58 ----D---- C:\Program Files\AviSynth 2.5
2009-04-07 23:24:46 ----D---- C:\Program Files\Avi2Dvd
2009-04-03 23:46:50 ----D---- C:\Windows\UltraDefrag
2009-04-03 15:11:06 ----D---- C:\Program Files\PeerProject
2009-03-25 20:20:25 ----D---- C:\Program Files\OFFSystem
2009-03-24 21:21:48 ----A---- C:\Windows\system32\wrap_oal.dll
2009-03-24 21:21:48 ----A---- C:\Windows\system32\OpenAL32.dll
2009-03-24 21:12:09 ----D---- C:\Windows\system32\Futuremark
2009-03-24 21:11:11 ----D---- C:\Program Files\Futuremark
2009-03-23 20:52:55 ----A---- C:\Windows\system32\vnetinst.dll
2009-03-23 20:52:49 ----A---- C:\Windows\system32\vmnetdhcp.exe
2009-03-23 20:52:45 ----A---- C:\Windows\system32\vmnat.exe
2009-03-23 20:52:41 ----RA---- C:\Windows\system32\vmnetbridge.dll
2009-03-23 20:52:36 ----A---- C:\Windows\system32\vnetlib.dll
2009-03-23 20:50:23 ----D---- C:\Program Files\VMware
2009-03-18 18:22:39 ----D---- C:\Program Files\WinMerge
2009-03-15 05:46:26 ----A---- C:\Windows\system32\udefrag-gui.exe
2009-03-15 05:46:26 ----A---- C:\Windows\system32\defrag_native.exe
2009-03-15 05:46:26 ----A---- C:\Windows\system32\bootexctrl.exe
2009-03-15 05:46:24 ----A---- C:\Windows\system32\ultradefrag.exe
2009-03-15 05:46:22 ----A---- C:\Windows\system32\udefrag.exe
2009-03-15 05:46:22 ----A---- C:\Windows\system32\lua5.1a_gui.exe
2009-03-15 05:46:22 ----A---- C:\Windows\system32\lua5.1a.exe
2009-03-15 05:46:20 ----A---- C:\Windows\system32\lua5.1a.dll
2009-03-15 05:46:18 ----A---- C:\Windows\system32\udefrag.dll
2009-03-15 05:46:16 ----A---- C:\Windows\system32\zenwinx.dll
2009-03-13 23:57:55 ----D---- C:\Users\Datz\AppData\Roaming\Nokia
2009-03-13 23:57:33 ----D---- C:\Qt
2009-03-13 18:14:34 ----A---- C:\Windows\system32\udctxhandler.cmd
======List of files/folders modified in the last 1 months======
2009-04-12 15:07:13 ----D---- C:\Windows\Prefetch
2009-04-12 15:06:52 ----D---- C:\Windows\Temp
2009-04-12 14:43:10 ----D---- C:\Windows\Tasks
2009-04-12 14:19:10 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 14:06:29 ----D---- C:\Users\Datz\AppData\Roaming\VMware
2009-04-12 13:46:58 ----D---- C:\Windows\System32
2009-04-12 13:46:58 ----D---- C:\Windows\inf
2009-04-12 13:46:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-12 13:39:48 ----D---- C:\ProgramData\VMware
2009-04-12 13:38:41 ----RD---- C:\Program Files
2009-04-12 13:38:41 ----D---- C:\Windows\system32\drivers
2009-04-12 11:42:13 ----D---- C:\QUARANTINE
2009-04-12 11:42:04 ----SHD---- C:\System Volume Information
2009-04-12 11:39:18 ----HD---- C:\ProgramData
2009-04-12 04:41:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-12 02:14:08 ----D---- C:\Windows
2009-04-12 00:43:44 ----A---- C:\Windows\NeroDigital.ini
2009-04-12 00:41:26 ----SHD---- C:\Windows\Installer
2009-04-12 00:41:24 ----D---- C:\Program Files\Common Files
2009-04-12 00:28:50 ----D---- C:\Program Files\SpeedFan
2009-04-11 23:56:12 ----D---- C:\ProgramData\Google Updater
2009-04-11 22:35:38 ----D---- C:\Windows\ehome
2009-04-11 22:34:14 ----D---- C:\ProgramData\Nero
2009-04-10 22:59:01 ----D---- C:\Users\Datz\AppData\Roaming\.purple
2009-04-10 16:09:46 ----D---- C:\Users\Datz\AppData\Roaming\gtk-2.0
2009-04-10 11:02:20 ----D---- C:\Windows\system32\catroot2
2009-04-09 14:45:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-09 14:01:14 ----D---- C:\Users\Datz\AppData\Roaming\dvdcss
2009-04-09 12:06:35 ----RSD---- C:\Windows\assembly
2009-04-09 12:05:50 ----A---- C:\Windows\system32\MsiExec.exe.log
2009-04-09 11:57:51 ----D---- C:\Program Files\PeerGuardian2
2009-04-07 14:05:19 ----D---- C:\Program Files\Shareaza
2009-04-07 12:22:05 ----D---- C:\Users\Datz\AppData\Roaming\ESRI
2009-04-01 09:28:56 ----A---- C:\Windows\Lexstat.ini
2009-03-24 21:13:07 ----D---- C:\Windows\winsxs
2009-03-24 21:11:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-24 11:52:10 ----D---- C:\Program Files\Common Files\ESRI
2009-03-24 11:51:59 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2009-03-24 11:51:55 ----D---- C:\Program Files\ArcGIS
2009-03-23 20:52:56 ----D---- C:\Windows\system32\catroot
2009-03-21 12:38:50 ----D---- C:\Windows\Debug
2009-03-18 13:23:41 ----D---- C:\ProgramData\Adobe
2009-03-18 13:23:40 ----D---- C:\Program Files\Common Files\Adobe
2009-03-18 13:23:40 ----D---- C:\Program Files\Adobe
2009-03-14 14:09:27 ----D---- C:\Users\Datz\AppData\Roaming\U3
2009-03-14 12:45:59 ----D---- C:\Users\Datz\AppData\Roaming\vlc
2009-03-14 12:25:19 ----SD---- C:\Users\Datz\AppData\Roaming\Microsoft
2009-03-13 12:56:39 ----D---- C:\Program Files\ShareazaPlus
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [2006-11-30 31944]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-28 32304]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-06-01 34064]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-28 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-28 26288]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2008-10-28 14896]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-28 857392]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-10-02 22448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7643904]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 vmkbd2;VMware kbd2; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-28 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 amsjckqv;amsjckqv; C:\Windows\system32\drivers\amsjckqv.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-11-26 16376]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 ultradfg;ultradfg; C:\Windows\System32\DRIVERS\ultradfg.sys [2009-03-15 32256]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 lxba_device;lxba_device; C:\Windows\system32\lxbacoms.exe [2007-04-24 537520]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2006-11-30 54872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 207392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-26 66872]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-28 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-28 399920]
S2 gupdate1c98dfd6c16b6c0;Google Update Service (gupdate1c98dfd6c16b6c0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S4 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-28 113200]
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-04-12 15:07:15
======Uninstall list======
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M06-00A0-42HU-P90P-WA5T-K74K-M5XU-2U01"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M09-00A0-6CM4-CE63-ET59-2ZEL-EWK3-2498"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0A-07A0-6TKK-X89P-L42E-9WUE-EPW4-7P7M"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0C-00A0-0CE5-WA9P-MW8Z-HH71-M4X5-AW0L"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0E-00A0-A0UE-KH1E-XM1M-Z54A-PTET-AM29"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M11-00A0-AMZ3-XW40-WK0L-72LP-MCL7-0LAM"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M13-00A0-98KT-MK5M-LX0Z-KC3E-MPZ5-2035"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation (Blu-ray Disc Authoring Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E31-58A3-9812-X4A8-K477-8K1E-63C2"
Activation (Blu-ray Video Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EE0-XCA7-99A1-2MA8-E72K-1355-96M7"
Activation (Gracenote Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EC0-5K89-1827-54M2-M898-7C49-8EKE"
Activation (Nero 9 HD)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EA0-AMAA-1804-M5K7-E848-2KCK-C8KK"
Activation (Nero BackItUp 4)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E11-1X6K-19C9-X853-MM96-C5EM-AC3X"
Activation (Nero MediaHome 4)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E60-4XM8-9912-ME51-4XK9-K238-A9KC"
Activation (Nero Move it)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E90-AX74-190X-44M1-K337-470X-68E3"
Active@ KillDisk FREE Suite-->"C:\Program Files\LSoft Technologies\Active KillDisk FREE Suite\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active KillDisk FREE Suite\INSTALL.LOG"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcGIS Desktop-->MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
ArcGIS Tutorial Data-->MsiExec.exe /I{1032F58F-D319-42C1-A25F-2D3C9A26705B}
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avi2Dvd 0.4.5 beta-->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bandwidth Monitor-->"C:\Program Files\Rokario\Bandwidth Monitor\unins000.exe"
Blu-ray Disc Authoring Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M13-00A0-94WK-X62E-WL1U-A2EX-UUE5-47AU"
Blu-ray Video Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0E-00A0-7AWW-C65U-KUC0-T21X-H7LC-830T"
Blu-ray/HD DVD Video Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M15-00A0-9EX5-K26H-PA50-6HCK-PUX7-269U"
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chromatia Tuner v3.4-->"C:\Program Files\Chromatia Tuner\unins000.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DTS Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M14-00A0-3HHP-TW20-P019-55MZ-XCP2-7869"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DynDNS Updater-->C:\Program Files\DynDNS Updater\Uninstall.exe {2E3C421E-BE8C-4C5C-AC77-E03E902D2468}
Exact Audio Copy 0.99pb4-->C:\Program Files\Exact Audio Copy\uninst.exe
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Getting to Know ArcGIS Desktop Exercise Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C985915-C155-47FF-A8D3-765452371B58}\setup.exe" -l0x9
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GnuWin32: Gzip-1.3.12-1-->"C:\Program Files\GnuWin32\uninstall\unins000.exe"
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gracenote Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0C-00A0-05K7-HW76-KLC0-HX9P-LEEC-341Z"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.12.1 rev b (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Users\Datz\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Karen's Disk Slack Checker-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Karen's Disk Slack Checker\ST6UNST.LOG"
Lexmark X5100 Series-->C:\Program Files\Lexmark X5100 Series\Install\x86\Uninst.exe
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft DirectX SDK (August 2007)-->MsiExec.exe /I{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft FxCop 1.35-->MsiExec.exe /I{846D9AAD-EA7D-4126-9177-F874FD389BE4}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)-->"C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\SDKSetup.exe" -x "-source:C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\1033\;C:\Users\Datz\AppData\Local\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/c/a/1/ca145d10-e254-475c-85f9-1439f4cd2a9e"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mp3PRO Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M16-00A0-88CM-H39W-U714-7WT6-M9M6-5K6U"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
Nero 9 HD-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0A-07A0-42EZ-KW30-H71Z-WA8A-WPUE-8C66"
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M03-07A0-7XMC-E62Z-K028-L84P-E8H9-5T76"
Nero BackItUp 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M11-00A0-38EE-MW24-M2AE-L12T-XAK7-5246"
Nero InCD-Reader-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M17-00A0-AKM9-K66H-LM17-5LWX-H2C7-9298"
Nero MediaHome 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M06-00A0-9LCA-W67U-LX37-P378-P1ME-1T2P"
Nero Move it-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M09-00A0-38HZ-UZ0L-C93K-K11T-TUUC-1Z57"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nmap 4.76-->"C:\Program Files\Nmap\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
PC Wizard 2008.1.87-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PeerProject 1.0.0.0-->"C:\Program Files\PeerProject\Uninstall\unins000.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Python 2.4.1-->C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
Qt SDK 2009.01-->c:\Qt\2009.01\uninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
SecurDisc Viewer-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M18-00A0-AMXM-KW18-CM35-58L8-CTE7-4E89"
Shareaza 2.4.0.2-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
ShareazaPlus version 2.2.5.6-->"C:\Program Files\ShareazaPlus\Uninstall\unins000.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Owner Free File System 0.19.34-->C:\Program Files\OFFSystem\uninst.exe
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Ultra Defragmenter-->"C:\Windows\UltraDefrag\uninstall.exe"
UltraVNC 1.0.5-->"C:\Program Files\UltraVNC\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinMerge 2.12.0-->"C:\Program Files\WinMerge\unins000.exe"
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2009-04-12]
======Security center information======
AV: McAfee VirusScan Enterprise
AS: Windows Defender
======System event log======
Computer Name: Datz-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 42481
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090412183853.960502-000
Event Type: Error
User:
Computer Name: Datz-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 005056C00008. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 42482
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090412183920.000000-000
Event Type: Warning
User:
Computer Name: Datz-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 005056C00001. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 42483
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090412183922.000000-000
Event Type: Warning
User:
Computer Name: Datz-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
mfetdik
Record Number: 42557
Source Name: Service Control Manager
Time Written: 20090412184036.000000-000
Event Type: Error
User:
Computer Name: Datz-PC
Event Code: 2510
Message: The server service was unable to map error code 1355.
Record Number: 42578
Source Name: Server
Time Written: 20090412184719.000000-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: Datz-PC
Event Code: 258
Message: The file C:\Windows\system32\xbKlmnnn.ini contains Vundo!grb Trojan. The file was successfully deleted.
Record Number: 7544
Source Name: McLogEvent
Time Written: 20090411224931.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Datz-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4f13bb7f-f6df-4042-aa59-78fc7c34b922}
Record Number: 7613
Source Name: VSS
Time Written: 20090412001256.000000-000
Event Type: Error
User:
Computer Name: Datz-PC
Event Code: 258
Message: The file C:\Windows\system32\xbKlmnnn.ini contains Vundo!grb Trojan. The file was successfully deleted.
Record Number: 7615
Source Name: McLogEvent
Time Written: 20090412001321.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Datz-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52d32c92-0b67-4f03-be62-4c555e9f07da}
Record Number: 7713
Source Name: VSS
Time Written: 20090412164153.000000-000
Event Type: Error
User:
Computer Name: Datz-PC
Event Code: 258
Message: The file C:\Windows\system32\xbKlmnnn.ini contains Vundo!grb Trojan. The file was successfully deleted.
Record Number: 7715
Source Name: McLogEvent
Time Written: 20090412164220.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Datz-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412200712.706102-000
Event Type: Audit Failure
User:
Computer Name: Datz-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412200712.723102-000
Event Type: Audit Failure
User:
Computer Name: Datz-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14620
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412200712.739102-000
Event Type: Audit Failure
User:
Computer Name: Datz-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14621
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412200712.756102-000
Event Type: Audit Failure
User:
Computer Name: Datz-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14622
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412200712.773102-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Microsoft DirectX SDK (August 2007)\Utilities\Bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"DXSDK_DIR"=C:\Program Files\Microsoft DirectX SDK (August 2007)\
"VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"PYTHONPATH"=C:\Program Files\ArcGIS\bin
"ARCGISHOME"=C:\Program Files\ArcGIS\
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
-----------------EOF-----------------