Becka
Members-
Posts
12 -
Joined
-
Last visited
Reputation
0 Neutral-
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
info log info.txt logfile of random's system information tool 1.06 2009-11-10 12:23:24 ======Uninstall list====== -->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA} -->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044} -->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD} -->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF} -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} -->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE} -->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Allstate Home Inventory 3.08-->C:\Program Files\Allstate\HomeInventory\uninst.exe Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA} Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4} Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} Autodesk Revit Building 8.1-->MsiExec.exe /X{7EBC0489-5E47-498D-BE31-B094484612E9} Autodesk VIZ 2008-->MsiExec.exe /I{F507369D-9E7B-4980-A0B6-4270E49EB1C8} Azureus-->C:\Program Files\Azureus\Uninstall.exe Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379} Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5} Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033 Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E} Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614} Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74} Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEB416DB-4FA9-42B6-84D3-1E0081300C9E} Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED} Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA} Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} CEP - Color Enable Package-->"C:\WINDOWS\unins000.exe" Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09} Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC} DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF} Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD to Zune Converter 4-->C:\Program Files\ImTOO\DVD to Zune Converter 4\Uninstall.exe ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7} ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe FBX Plugin 2006.11.1 for Viz 2008-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.11.1\Viz2008\Uninstall.exe Free Audio Converter 3.1.0.0-->"C:\Program Files\SoftwarePile\Free Audio Converter\unins000.exe" Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5} Google SketchUp Pro 7-->MsiExec.exe /I{48E15C9C-E25C-40AD-A46B-AB270729B9B9} High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe" Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9} Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\ Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2} Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} Paint Shop Pro 7 ESD-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A} Podium-->"C:\Program Files\Google\Google SketchUp 7\Plugins\Podium\unins000.exe" PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA} QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4 QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1} Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC} Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly SketchUp 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9 Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} SU Animate version 2.0.2-->"C:\Program Files\Google\Google SketchUp 7\Plugins\SU Animate\uninst\unins000.exe" Superman Returns Screen Saver-->C:\WINDOWS\system32\Superman Returns.scr /u Symantec Technical Support Web Controls-->MsiExec.exe /X{A0E27BA8-353A-4288-AB60-5DE8EDA18E16} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The Sims 2 HomeCrafter Plus-->C:\Program Files\EA GAMES\The Sims 2 HomeCrafter Plus\EAUninstall.exe The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Vault 2008 Plug-In for Autodesk VIZ 2008-->MsiExec.exe /I{DD320C31-E277-4920-AD5C-B767A6D4EF1F} Vault 5 Plug-In for Autodesk VIZ 2008-->MsiExec.exe /I{1722ED36-4F55-417b-825D-02B0159230DC} WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4" Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe" Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} Zune Video Converter 3-->C:\Program Files\ImTOO\Zune Video Converter 3\Uninstall.exe Zune-->c:\Program Files\Zune\ZuneSetup.exe /x Zune-->MsiExec.exe /X{888FFC82-688D-46AB-A776-B417885432B6} ======System event log====== Computer Name: LAPTOP Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 100627 Source Name: Tcpip Time Written: 20091013105606.000000-300 Event Type: warning User: Computer Name: LAPTOP Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 100626 Source Name: Tcpip Time Written: 20091013100115.000000-300 Event Type: warning User: Computer Name: LAPTOP Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 100625 Source Name: Tcpip Time Written: 20091013093356.000000-300 Event Type: warning User: Computer Name: LAPTOP Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 100619 Source Name: Tcpip Time Written: 20091013092014.000000-300 Event Type: warning User: Computer Name: LAPTOP Event Code: 7000 Message: The Application Layer Gateway Service service failed to start due to the following error: The system cannot find the file specified. Record Number: 100614 Source Name: Service Control Manager Time Written: 20091013091745.000000-300 Event Type: error User: =====Application event log===== Computer Name: LAPTOP Event Code: 14001 Message: brownie was not updated successfully from 03.20.00035.00-00435 to (null) ((null)). Record Number: 22003 Source Name: Zune Time Written: 20091012153127.000000-300 Event Type: error User: Computer Name: LAPTOP Event Code: 2 Message: Record Number: 21981 Source Name: RaySat_3dsmax9_32 Server Time Written: 20091012112408.000000-300 Event Type: error User: Computer Name: LAPTOP Event Code: 2 Message: Record Number: 21951 Source Name: RaySat_3dsmax9_32 Server Time Written: 20091012103629.000000-300 Event Type: error User: Computer Name: LAPTOP Event Code: 1002 Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 21915 Source Name: Application Hang Time Written: 20091011202730.000000-300 Event Type: error User: Computer Name: LAPTOP Event Code: 1002 Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 21913 Source Name: Application Hang Time Written: 20091011201829.000000-300 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\Backburner;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0e08 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ -----------------EOF----------------- log log Logfile of random's system information tool 1.06 (written by random/random) Run by Laptop User at 2009-11-10 12:22:45 Microsoft Windows XP Professional Service Pack 3 System drive C: has 10 GB (21%) free of 50 GB Total RAM: 1022 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:23:19 PM, on 11/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\clclean.0001 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Laptop User\Desktop\RSIT.exe C:\Program Files\trend micro\Laptop User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 8912 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Laptop User.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-01-31 116088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NVHotkey"=nvHotkey.dll,Start [] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182] "MBMon"=Rundll32 CTMBHA.DLL,MBMon [] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048] "osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-08-24 714608] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-28 8429568] "nwiz"=nwiz.exe /installquiet [] "Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2009-09-04 158448] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] c:\dell\E-Center\gtb.exe [2006-02-22 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2007-04-28 8429568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2007-04-28 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp] C:\windows\pp10.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe [2004-12-22 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2006-01-02 1126400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xpprotect] C:\Documents and Settings\Laptop User\XP Deluxe Protector\xpdeluxe.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe [2009-09-04 158448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2005-03-05 10872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2005-06-16 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^BitTorrent.lnk] C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor" "C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager" "C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server" "C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9681ff58-caf5-11de-b3de-00188bc6e843}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a35dfa21-bd97-11de-b3b9-00188bc6e843}] shell\AutoRun\command - D:\LaunchU3.exe -a ======File associations====== .scr - open - "C:\WINDOWS\system32\notepad.exe" "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-10 12:22:45 ----D---- C:\rsit 2009-11-10 12:22:45 ----D---- C:\Program Files\trend micro 2009-11-05 16:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$ 2009-11-04 16:15:23 ----D---- C:\Program Files\ESET 2009-11-04 15:12:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-04 15:10:38 ----D---- C:\WINDOWS\temp 2009-11-04 15:10:36 ----A---- C:\ComboFix.txt 2009-11-04 14:55:51 ----D---- C:\Combo-Fix25840C 2009-11-04 14:33:17 ----A---- C:\WINDOWS\system32\proquota.exe 2009-11-04 14:26:50 ----A---- C:\Boot.bak 2009-11-04 14:26:45 ----RASHD---- C:\cmdcons 2009-11-04 14:22:44 ----A---- C:\WINDOWS\zip.exe 2009-11-04 14:22:44 ----A---- C:\WINDOWS\SWREG.exe 2009-11-04 14:22:44 ----A---- C:\WINDOWS\PEV.exe 2009-11-04 14:22:44 ----A---- C:\WINDOWS\MBR.exe 2009-11-04 14:22:43 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-11-04 14:22:43 ----A---- C:\WINDOWS\SWSC.exe 2009-11-04 14:22:43 ----A---- C:\WINDOWS\sed.exe 2009-11-04 14:22:43 ----A---- C:\WINDOWS\grep.exe 2009-11-04 14:20:50 ----D---- C:\Combo-Fix 2009-10-28 14:53:32 ----D---- C:\Avenger 2009-10-28 14:53:31 ----A---- C:\avenger.txt 2009-10-27 12:34:26 ----D---- C:\Documents and Settings\Laptop User\Application Data\InstallShield 2009-10-22 16:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$ 2009-10-15 10:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$ 2009-10-15 10:49:52 ----A---- C:\WINDOWS\system32\MRT.INI 2009-10-15 10:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2009-10-15 10:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2009-10-15 10:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2009-10-15 10:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2009-10-15 10:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2009-10-15 10:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$ 2009-10-15 10:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$ 2009-10-15 10:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$ 2009-10-15 10:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ ======List of files/folders modified in the last 1 months====== 2009-11-10 12:23:15 ----D---- C:\Documents and Settings\Laptop User\Application Data\Azureus 2009-11-10 12:22:51 ----D---- C:\WINDOWS\Prefetch 2009-11-10 12:22:45 ----D---- C:\Program Files 2009-11-10 12:21:16 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-10 12:01:16 ----D---- C:\WINDOWS\system32 2009-11-10 12:01:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-11-09 23:16:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-06 19:01:01 ----HD---- C:\WINDOWS\inf 2009-11-05 18:12:19 ----D---- C:\WINDOWS 2009-11-05 16:50:30 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-11-05 16:50:21 ----D---- C:\WINDOWS\system32\CatRoot 2009-11-05 11:34:53 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-04 16:15:26 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-11-04 15:12:50 ----D---- C:\WINDOWS\system32\drivers 2009-11-04 15:10:01 ----D---- C:\qoobox 2009-11-04 15:04:43 ----A---- C:\WINDOWS\system.ini 2009-11-04 15:01:33 ----D---- C:\WINDOWS\system32\config 2009-11-04 15:01:13 ----D---- C:\WINDOWS\erdnt 2009-11-04 15:00:40 ----D---- C:\Program Files\Common Files 2009-11-04 14:59:21 ----D---- C:\WINDOWS\AppPatch 2009-11-04 14:33:41 ----HD---- C:\WINDOWS\PIF 2009-11-04 14:33:41 ----D---- C:\WINDOWS\SxsCaPendDel 2009-11-04 14:33:40 ----SHD---- C:\WINDOWS\ftpcache 2009-11-04 14:33:40 ----HD---- C:\WINDOWS\msdownld.tmp 2009-11-04 14:33:40 ----D---- C:\WINDOWS\occache 2009-11-04 14:33:40 ----D---- C:\WINDOWS\Connection Wizard 2009-11-04 14:33:40 ----D---- C:\WINDOWS\Config 2009-11-04 14:33:40 ----D---- C:\WINDOWS\APW_DATA 2009-11-04 14:33:40 ----D---- C:\WINDOWS\addins 2009-11-04 14:26:50 ----RASH---- C:\boot.ini 2009-11-04 14:18:16 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-10-28 23:11:05 ----SHD---- C:\WINDOWS\CSC 2009-10-28 23:05:54 ----A---- C:\WINDOWS\ntbtlog.txt 2009-10-27 13:25:08 ----A---- C:\WINDOWS\win.ini 2009-10-27 12:22:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2009-10-26 12:48:59 ----SHD---- C:\System Volume Information 2009-10-26 12:48:59 ----D---- C:\WINDOWS\system32\Restore 2009-10-22 16:01:21 ----A---- C:\WINDOWS\imsins.BAK 2009-10-19 17:53:44 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-10-19 10:11:54 ----D---- C:\Program Files\Azureus 2009-10-15 14:54:31 ----D---- C:\Config.Msi 2009-10-15 11:18:50 ----D---- C:\WINDOWS\Microsoft.NET 2009-10-15 11:18:43 ----RSD---- C:\WINDOWS\assembly 2009-10-15 10:53:43 ----SHD---- C:\WINDOWS\Installer 2009-10-15 10:52:28 ----D---- C:\WINDOWS\WinSxS 2009-10-15 10:49:52 ----D---- C:\WINDOWS\system32\wbem 2009-10-12 11:18:01 ----HD---- C:\Documents and Settings\Laptop User\Application Data\Move Networks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088] R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496] R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-08-03 21275] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2009-09-01 40832] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752] R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-11-30 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-11-30 192512] R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-03 1389056] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080929.037\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080929.037\NAVEX15.SYS [] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-28 6727136] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080926.001\SymIDSCo.sys [] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-21 47104] R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928] R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480] R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848] R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-11-30 669696] S3 catchme;catchme; \??\C:\Combo-Fix25840C\catchme.sys [] S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys [] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-26 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-26 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-26 21488] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888] S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712] S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-05 18612] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-05 50048] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-05-10 79360] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-05-24 69632] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753] R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008; C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 65536] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-28 163908] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2009-09-04 58592] R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-01-31 1251720] S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2009-09-04 5893360] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2009-09-04 447216] S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Thats it...thanks for the help...anything else i need to do? -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
here is what the latest scan found C:\qoobox\Quarantine\[4]-Submit_2009-11-04_14.56.46.zip multiple threats deleted - quarantined C:\qoobox\Quarantine\C\chhite.exe.vir a variant of Win32/Kryptik.AXM trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\dsiqvib.exe.vir a variant of Win32/Kryptik.AWP trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\ldvx.exe.vir a variant of Win32/Kryptik.AMH trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\rhjdpc.exe.vir probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\Documents and Settings\Laptop User\Application Data\lizkavd.exe.vir a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\Documents and Settings\Laptop User\Application Data\seres.exe.vir a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\Documents and Settings\Laptop User\Application Data\svcst.exe.vir a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Win32/Agent.QFO trojan cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\rcvwuwoc.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\ststv.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\ststv.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\ststv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\ststv.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\ststv.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005214.exe a variant of Win32/Kryptik.AXM trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005216.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005217.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005218.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005220.exe a variant of Win32/Kryptik.AWP trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005222.exe a variant of Win32/Kryptik.AMH trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005225.exe probably a variant of Win32/TrojanDownloader.Small trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005227.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005236.dll Win32/Agent.QFO trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005359.exe a variant of Win32/Kryptik.AYI trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0005366.exe a variant of Win32/Kryptik.AVJ trojan cleaned by deleting - quarantined -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.41 Database version: 3101 Windows 5.1.2600 Service Pack 3 11/4/2009 3:21:27 PM mbam-log-2009-11-04 (15-21-27).txt Scan type: Quick Scan Objects scanned: 118439 Time elapsed: 6 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\ileede.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\0535251103110107106.uio (Worm.KoobFace) -> Quarantined and deleted successfully. -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
Combo fix log ComboFix 09-11-04.02 - Laptop User 11/04/2009 14:56.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.613 [GMT -6:00] Running from: c:\documents and settings\Laptop User\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Laptop User\Desktop\CFScript.txt FILE :: "C:\buxuhto.exe" "c:\documents and settings\Laptop User\Application Data\fevicy.pif" "C:\jyacth.exe" "c:\program files\Common Files\dyqavebaw.com" "c:\program files\Common Files\hucihe.pif" "C:\vyiy.exe" "C:\wggam.exe" "c:\windows\ifajesygel.com" "c:\windows\mili.com" "c:\windows\system32\E38DA271F9.sys" "c:\windows\system32\strmdll.dll" "c:\windows\win32k.sys" "c:\windows\wobu.dat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\buxuhto.exe c:\docume~1\LAPTOP~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp c:\documents and settings\Laptop User\Application Data\fevicy.pif c:\documents and settings\Laptop User\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp C:\jyacth.exe c:\program files\ACW c:\program files\ACW\ActiveContentWizard.dll c:\program files\ACW\ACW.exe c:\program files\ACW\ACWExt.xml c:\program files\ACW\AcwPSSExtn.dll c:\program files\ACW\ACWRuntimesCab c:\program files\Common Files\dyqavebaw.com c:\program files\Common Files\hucihe.pif C:\vyiy.exe C:\wggam.exe c:\windows\ifajesygel.com c:\windows\mili.com c:\windows\system32\E38DA271F9.sys c:\windows\win32k.sys c:\windows\wobu.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SFX -------\Legacy_SFXDRV -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-04 20:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe 2009-11-04 20:20 . 2009-11-04 20:43 -------- d-----w- C:\Combo-Fix 2009-10-29 05:05 . 2009-10-29 05:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative 2009-10-29 05:03 . 2009-10-29 05:07 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-27 18:34 . 2009-10-27 18:34 -------- d-----w- c:\documents and settings\Laptop User\Application Data\InstallShield 2009-10-26 18:22 . 2009-10-26 18:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 17:18 . 2009-10-12 17:18 126970 ----a-w- c:\documents and settings\Laptop User\Application Data\Move Networks\uninstall.exe 2009-10-08 18:05 . 2009-10-08 18:06 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2009-10-08 18:05 . 2009-10-09 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2098-01-01 06:00 . 2007-12-21 02:03 9096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll 2098-01-01 06:00 . 2007-08-22 21:45 9048 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll 2009-11-04 20:55 . 2007-01-04 22:58 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Azureus 2009-11-04 20:18 . 2006-05-25 03:30 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-11-03 18:33 . 2006-06-02 14:48 32194 ----a-w- c:\documents and settings\Laptop User\Application Data\wklnhst.dat 2009-10-27 18:22 . 2006-05-25 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-19 16:11 . 2007-01-04 22:55 -------- d-----w- c:\program files\Azureus 2009-10-12 17:18 . 2007-03-25 22:42 -------- d--h--w- c:\documents and settings\Laptop User\Application Data\Move Networks 2009-10-12 17:18 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Laptop User\Application Data\Move Networks\plugins\npqmp071505000010.dll 2009-09-30 19:58 . 2007-08-25 05:07 9576 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2009-09-25 05:37 . 2005-08-16 09:18 667136 ------w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-21 15:31 . 2009-09-21 15:31 59392 ----a-w- C:\ileede.exe 2009-09-20 17:56 . 2009-09-20 17:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2009-09-20 17:56 . 2009-09-20 17:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2009-09-20 17:55 . 2007-11-20 03:04 -------- d-----w- c:\program files\Zune 2009-09-11 14:18 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 18:17 . 2009-09-04 18:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2009-09-04 18:16 . 2009-09-04 18:16 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2009-09-02 05:29 . 2009-09-02 05:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2009-09-02 05:29 . 2009-09-02 05:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2009-09-02 05:29 . 2009-09-02 05:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2009-09-02 05:29 . 2009-09-02 05:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2009-09-02 05:29 . 2009-09-02 05:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2009-09-02 05:29 . 2009-09-02 05:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2009-09-02 05:28 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys 2009-08-26 08:00 . 2005-08-16 09:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 23:23 . 2006-05-31 23:51 112584 ----a-w- c:\documents and settings\Laptop User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-18 05:39 . 2006-05-25 03:01 13307 ----a-w- c:\windows\system32\nvModes.dat 2009-08-17 17:37 . 2009-08-17 17:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2009-08-17 17:37 . 2009-08-17 17:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2009-08-07 00:24 . 2005-08-16 09:40 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2005-08-16 09:40 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2005-08-16 09:40 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2005-08-16 09:40 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2005-08-16 09:18 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2005-08-16 09:40 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2005-08-16 09:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2006-06-02 02:15 . 2006-06-02 02:12 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-04_20.37.14 ))))))))))))))))))))))))))))))))))))))))) . + 2005-08-16 09:18 . 2009-11-04 20:40 72134 c:\windows\system32\perfc009.dat - 2005-08-16 09:18 . 2009-11-04 20:26 72134 c:\windows\system32\perfc009.dat + 2005-08-16 09:18 . 2009-11-04 20:40 443034 c:\windows\system32\perfh009.dat - 2005-08-16 09:18 . 2009-11-04 20:26 443034 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-29 67584] "MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-03-03 1355938] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-29 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^BitTorrent.lnk] path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\BitTorrent.lnk backup=c:\windows\pss\BitTorrent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/24/2007 11:07 PM 149352] R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [3/7/2007 2:32 PM 65536] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/30/2008 6:46 AM 99376] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Laptop User.job - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ mStart Page = hxxp://www.google.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 15:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(924) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\Rundll32.exe c:\docume~1\LAPTOP~1\LOCALS~1\Temp\clclean.0001 c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2009-11-04 15:10 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-04 21:10 ComboFix2.txt 2009-11-04 20:43 ComboFix3.txt 2007-09-29 03:13 Pre-Run: 11,418,529,792 bytes free Post-Run: 11,373,281,280 bytes free -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
finally i got something to run. here is the log: ComboFix 09-11-04.02 - Laptop User 11/04/2009 14:28.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.704 [GMT -6:00] Running from: c:\documents and settings\Laptop User\Desktop\Combo-Fix.exe . /wow section - STAGE 32A '\)' is not recognized as an internal or external command ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\chhite.exe c:\documents and settings\All Users\Application Data\pudohuvumi.vbs c:\documents and settings\Laptop User\Application Data\lizkavd.exe c:\documents and settings\Laptop User\Application Data\seres.exe c:\documents and settings\Laptop User\Application Data\svcst.exe c:\documents and settings\Laptop User\Application Data\xiragi.vbs c:\documents and settings\Laptop User\Local Settings\Temporary Internet Files\jelosa.db C:\dsiqvib.exe C:\dtacmawh.exe C:\ldvx.exe C:\mdnsq.exe c:\program files\Common Files\ixaxifo.vbs c:\program files\sFX C:\rhjdpc.exe c:\windows\kb913800.exe c:\windows\system32\~.exe c:\windows\system32\Data c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\mulipiza.dll c:\windows\system32\ogokuqisym.vbs c:\windows\system32\pafytu.bat c:\windows\system32\rokewezi.dll c:\windows\system32\sdra64.exe c:\windows\system32\zoyageze.dll c:\windows\th823567.dat Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll c:\windows\system32\proquota.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SFX -------\Legacy_SFXDRV -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-04 20:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe 2009-10-29 05:05 . 2009-10-29 05:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative 2009-10-29 05:03 . 2009-10-29 05:07 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-28 20:59 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-28 20:59 . 2009-10-28 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-28 20:59 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-27 18:34 . 2009-10-27 18:34 -------- d-----w- c:\documents and settings\Laptop User\Application Data\InstallShield 2009-10-27 18:19 . 2009-10-27 18:22 -------- d-----w- c:\program files\Mal Anti 2009-10-26 18:22 . 2009-10-26 18:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-26 17:01 . 2009-11-04 18:24 0 ----a-r- c:\windows\win32k.sys 2009-10-26 16:59 . 2009-10-26 16:59 96256 ----a-w- C:\buxuhto.exe 2009-10-23 16:32 . 2009-10-26 16:59 79360 ----a-w- C:\vyiy.exe 2009-10-23 16:32 . 2009-10-26 16:59 7168 ----a-w- C:\jyacth.exe 2009-10-23 16:31 . 2009-10-23 16:31 22016 ----a-w- C:\wggam.exe 2009-10-12 18:00 . 2009-10-12 18:01 -------- d-----w- c:\program files\ACW 2009-10-12 17:18 . 2009-10-12 17:18 126970 ----a-w- c:\documents and settings\Laptop User\Application Data\Move Networks\uninstall.exe 2009-10-08 18:05 . 2009-10-08 18:06 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2009-10-08 18:05 . 2009-10-09 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2098-01-01 06:00 . 2007-12-21 02:03 9096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll 2098-01-01 06:00 . 2007-08-22 21:45 9048 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll 2009-11-04 20:20 . 2007-01-04 22:58 -------- d-----w- c:\documents and settings\Laptop User\Application Data\Azureus 2009-11-04 20:18 . 2006-05-25 03:30 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-11-03 18:33 . 2006-06-02 14:48 32194 ----a-w- c:\documents and settings\Laptop User\Application Data\wklnhst.dat 2009-10-27 18:22 . 2006-05-25 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-19 16:11 . 2007-01-04 22:55 -------- d-----w- c:\program files\Azureus 2009-10-12 17:18 . 2007-03-25 22:42 -------- d--h--w- c:\documents and settings\Laptop User\Application Data\Move Networks 2009-10-12 17:18 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Laptop User\Application Data\Move Networks\plugins\npqmp071505000010.dll 2009-09-30 19:58 . 2007-08-25 05:07 9576 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2009-09-30 03:14 . 2009-09-30 03:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2009-09-25 05:37 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-21 15:31 . 2009-09-21 15:31 59392 ----a-w- C:\ileede.exe 2009-09-20 17:56 . 2009-09-20 17:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2009-09-20 17:56 . 2009-09-20 17:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2009-09-20 17:55 . 2007-11-20 03:04 -------- d-----w- c:\program files\Zune 2009-09-11 14:18 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 18:17 . 2009-09-04 18:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2009-09-04 18:16 . 2009-09-04 18:16 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2009-09-02 05:29 . 2009-09-02 05:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2009-09-02 05:29 . 2009-09-02 05:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2009-09-02 05:29 . 2009-09-02 05:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2009-09-02 05:29 . 2009-09-02 05:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2009-09-02 05:29 . 2009-09-02 05:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2009-09-02 05:29 . 2009-09-02 05:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2009-09-02 05:28 . 2009-09-02 05:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys 2009-08-26 08:00 . 2005-08-16 09:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-23 23:23 . 2006-05-31 23:51 112584 ----a-w- c:\documents and settings\Laptop User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-21 18:58 . 2009-08-21 18:58 19144 ----a-w- c:\windows\mili.com 2009-08-21 18:58 . 2009-08-21 18:58 18741 ----a-w- c:\documents and settings\Laptop User\Application Data\fevicy.pif 2009-08-21 18:58 . 2009-08-21 18:58 18741 ----a-w- c:\documents and settings\Laptop User\Application Data\fevicy.pif 2009-08-21 18:58 . 2009-08-21 18:58 16002 ----a-w- c:\windows\ifajesygel.com 2009-08-21 18:58 . 2009-08-21 18:58 15016 ----a-w- c:\program files\Common Files\hucihe.pif 2009-08-21 18:58 . 2009-08-21 18:58 14636 ----a-w- c:\windows\wobu.dat 2009-08-21 18:58 . 2009-08-21 18:58 11090 ----a-w- c:\program files\Common Files\dyqavebaw.com 2009-08-18 05:39 . 2006-05-25 03:01 13307 ----a-w- c:\windows\system32\nvModes.dat 2009-08-17 17:37 . 2009-08-17 17:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2009-08-17 17:37 . 2009-08-17 17:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2009-08-07 00:24 . 2005-08-16 09:40 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2005-08-16 09:40 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2005-08-16 09:40 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2005-08-16 09:40 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2005-08-16 09:18 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2005-08-16 09:40 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2005-08-16 09:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2006-06-02 02:15 . 2006-06-02 02:15 56 --sh--r- c:\windows\system32\E38DA271F9.sys 2006-06-02 02:15 . 2006-06-02 02:12 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-29 67584] "MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-03-03 1355938] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-29 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^BitTorrent.lnk] path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\BitTorrent.lnk backup=c:\windows\pss\BitTorrent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/24/2007 11:07 PM 149352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/30/2008 6:46 AM 99376] S2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [3/7/2007 2:32 PM 65536] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Laptop User.job - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ mStart Page = hxxp://www.google.com . - - - - ORPHANS REMOVED - - - - SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-HijackThis - c:\documents and settings\Laptop User\My Documents\Scans\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 14:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2644) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\Rundll32.exe c:\docume~1\LAPTOP~1\LOCALS~1\Temp\clclean.0001 c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2009-11-04 14:43 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-04 20:43 ComboFix2.txt 2007-09-29 03:13 Pre-Run: 4,802,682,880 bytes free Post-Run: 11,400,556,544 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
It does not let me get past the accept terms page. It loads with errors on the page which is what my internet does often since ive gotten this virus. -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
It did not work! Please help me out here... -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
Now when I try to run malwarebytes i get Error Code 732 (0, 0) and it runs for 3 seconds then disappears! -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\scecli.dll" not found! File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. -
MalwareBytes and HiJackThis both will run then dissappear.
Becka replied to Becka's topic in Resolved Malware Removal Logs
When i clicked okay, i got an error The NTVDM CPU has encountered an illegal construction