
Malwarebytes will not open, unknown virus/reasons still here



I had (have?) avcare and antivirus pro 09 really mess up my system. I cannot get Malwarebytes to work. I had it installed but wasn't using it when I got the viruses. I was running Avira. It didn't stop the 2 from downloading. I manually went through and deleted everything having to do with the malware but I could not get my browsers to work. I have someone on the avira forum helping with things to try and get online but between that and online searches, everything points back to running malwarebytes. It would not open so I had uninstalled it and then installed it again. I have tried renaming the .exe file and tried running in safe mode and using admin but nothing will work to let me run it.

It will show up under task manager when I right click-run as-current user but nothing happens. I have tried using the command prompt mbam.exe/quickscan and it gives an error saying windows cannot find.... If I type mbam.exe it just does nothing.

I still have a problem of every item in the services.msc list is set to disable. Every time I restart the computer it changes everything back to disable after I had changed them all to automatic.

I tried reading through to see if I had total-security or av360 but I don't see anything like that. I searched my system for the rootkit infection list and found nothing. I have used ccleaner (saved a backup before changing files) lspfix, stinger, spybot search and destroy, and a .exe patch but I still cannot get malwarebytes to work.

I do have a HJT log I will include. I have deleted/fixed these 9 items from the log before the current scan:

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 91.212.127.220 intsecure.microsoft.com

O1 - Hosts: 91.212.127.220 intsecure-2009.com

O1 - Hosts: 91.212.127.220 www.intsecure-2009.com

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: BHO - {F64619FF-E19F-4016-BF9C-147CFF821B46} - C:\WINDOWS\system32\iehelper.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKUS\S-1-5-20\..\Run: [momowuhewu] Rundll32.exe "C:\WINDOWS\system32\puluduso.dll",s (User '?')

O4 - HKUS\S-1-5-19\..\Run: [momowuhewu] Rundll32.exe "C:\WINDOWS\system32\puluduso.dll",s (User '?')

Current log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:08:00 Afternoon, on 8/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\mike lawrence\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2946633094-119962529-606497535-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41293422-93FD-443C-B848-E07EDBF866C3} (CMediaPlayerCtrl Object) - http://216.159.150.36/BWT/sources/AXClient.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161556317663

O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--

End of file - 5895 bytes

What else can I do to get malwarebytes to run? I can't use the windows cd to install items because I get the same effect trying to open programs from cd. I can open and run items from the usb drive/jumpstick. (seems odd that one method works and the other doesn't)

I am lost as to what to do next.

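The nine entries the poster removed are a compact illustration of what a HijackThis triage looks for: hosts-file overrides that point a Microsoft hostname at a real (non-loopback) address, Rundll32 autoruns registered under the service-account hives (S-1-5-19 and S-1-5-20), a BHO whose display name is just "BHO", and dangling entries whose file is gone. The script below is an added example, not code from the poster, the forum or the HijackThis project. It parses the R/O line shapes as they appear in HJT v2.0.2 output and applies those four rules as defender-side heuristics; the rules, severities and helper names are my own assumptions. The sample input is constructed from the poster's own log: the nine removed lines plus three benign lines from the same scan, so the rules have something to leave alone.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example; not the poster's, the forum's or HijackThis's own code.
The four rules below are heuristics chosen for this illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the nine entries the poster removed, followed by
# three benign lines copied from the same log (expected to produce no hits).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: BHO - {F64619FF-E19F-4016-BF9C-147CFF821B46} - C:\WINDOWS\system32\iehelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKUS\S-1-5-20\..\Run: [momowuhewu] Rundll32.exe "C:\WINDOWS\system32\puluduso.dll",s (User '?')
O4 - HKUS\S-1-5-19\..\Run: [momowuhewu] Rundll32.exe "C:\WINDOWS\system32\puluduso.dll",s (User '?')
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O1 - Hosts: 127.0.0.1 localhost
"""

# Line shapes as printed by HJT v2.0.2 (see the log above).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HKUS\\S-[\d-]+|HKLM|HKCU)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# SYSTEM, LocalService, NetworkService: no interactive logon, so a per-user
# Run entry in their hives is unusual (heuristic, my assumption).
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
PLACEHOLDER_NAMES = {"bho", "(no name)"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    section: str
    body: str
    hits: list = field(default_factory=list)  # (severity, reason) pairs

    @property
    def severity(self) -> str:
        return max((s for s, _ in self.hits), key=SEVERITY_RANK.__getitem__, default="none")


def triage_line(line: str):
    """Parse one HJT line and apply the rules; None if the line is not an HJT entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    hits = []
    # Rule 1: a registered component whose file no longer exists.
    if "(no file)" in body or "(file missing)" in body:
        hits.append(("low", "registered component whose file is missing"))
    # Rule 2: hosts override to a real address; benign entries are loopback.
    if section == "O1":
        hm = HOSTS_RE.match(body)
        if hm and hm.group("ip") not in LOOPBACK:
            hits.append(("high", f"hosts maps {hm.group('host')} to non-loopback {hm.group('ip')}"))
    # Rule 3: Rundll32 autorun under a service-account hive.
    if section == "O4":
        rm = RUN_RE.match(body)
        if rm:
            hive, cmd = rm.group("hive"), rm.group("cmd")
            sid = hive.split("\\", 1)[1] if hive.startswith("HKUS\\") else ""
            if sid in SERVICE_SIDS and "rundll32" in cmd.lower():
                hits.append(("high", f"Rundll32 autorun under service-account hive {sid}"))
    # Rule 4: BHO whose display name is a placeholder.
    if section == "O2":
        name = body.split(" - ", 1)[0]
        if name.startswith("BHO: "):
            name = name[5:]
        if name.strip().lower() in PLACEHOLDER_NAMES:
            hits.append(("medium", "BHO registered with a placeholder display name"))
    return Finding(section, body, hits)


def triage_log(text: str):
    """Return a Finding for every line of an HJT log that hit at least one rule."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f and f.hits:
            findings.append(f)
    return findings


def severity_counts(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    flagged = triage_log(SAMPLE_LOG)
    for f in flagged:
        print(f"[{f.severity.upper():6}] {f.section} - {f.body}")
        for _, reason in f.hits:
            print(f"          {reason}")
    print(severity_counts(flagged))
```

Run against the constructed sample it flags nine of the twelve lines (five high, one medium, three low) and leaves the Avira Run entry, the Java BHO and the loopback hosts line alone. The rules are deliberately narrow: they do not judge whether a named file is malicious, only whether the entry's shape is one a reviewer would want to look at first, which is the same first pass a helper does by eye on a posted log.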

Please note that all instructions given are customised for this computer only,

the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Let's see if we can get some more info so we know what we are dealing with.

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    (They can also be found in the C:\RSIT folder)

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Hello Katana,

Here are the reports in the order you told me to do them;

Logfile of random's system information tool 1.06 (written by random/random)

Run by mike lawrence at 2009-08-25 15:53:29

WIN_XP Service Pack 3

System drive C: has 139 GB (79%) free of 176 GB

Total RAM: 2038 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:53:34 Afternoon, on 8/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\mike lawrence\Desktop\RSIT.exe

C:\Documents and Settings\mike lawrence\Desktop\mike lawrence.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2946633094-119962529-606497535-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41293422-93FD-443C-B848-E07EDBF866C3} (CMediaPlayerCtrl Object) - http://216.159.150.36/BWT/sources/AXClient.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161556317663

O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--

End of file - 6071 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5BMBNB1-mike lawrence).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-04-29 188728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2006-02-09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-09-15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX600]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE [2003-09-09 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-08-22 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-12 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

Rundll32 CTMBHA.DLL,MBMon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-18 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-12-07 1537696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]

C:\WINDOWS\poolsv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]

C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe [2004-11-11 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2006-08-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-07-20 214448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]

C:\Program Files\ddmdin\vmkrsysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-07-20 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2005-09-19 1159168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-07-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RDSessMgr"=2

"MskService"=2

"MpfService"=2

"mcupdmgr.exe"=3

"McTskshd.exe"=2

"McShield"=2

"McDetect.exe"=2

"AOL ACS"=2

"ACDaemon"=2

"xmlprov"=2

"WMPNetworkSvc"=2

"WmiApSrv"=2

"Wmi"=2

"WmdmPmSN"=2

"winmgmt"=2

"w32time"=2

"VSS"=2

"Viewpoint Manager Service"=2

"UPS"=2

"upnphost"=2

"TrkWks"=2

"TermService"=2

"SysmonLog"=2

"Symantec Core LC"=2

"SwPrv"=2

"stisvc"=2

"SSDPSRV"=2

"srservice"=2

"SQLWriter"=2

"SQLBrowser"=2

"SQLAgent$MICROSOFTSMLBIZ"=2

"SharedAccess"=2

"SENS"=2

"seclogon"=2

"SCardSvr"=2

"RSVP"=2

"RemoteRegistry"=2

"ProtectedStorage"=2

"PolicyAgent"=2

"ose"=2

"odserv"=2

"NtmsSvc"=2

"NtLmSsp"=2

"Norton Ghost"=2

"NetSvc"=2

"Netlogon"=2

"napagent"=2

"MSSQLServerADHelper"=2

"MSSQL$MSSMLBIZ"=2

"MSSQL$MICROSOFTSMLBIZ"=2

"MSIServer"=2

"MSDTC"=2

"mnmsrvc"=2

"Microsoft Office Groove Audit Service"=2

"MDM"=2

"lanmanserver"=2

"ImapiService"=2

"IDriverT"=2

"HTTPFilter"=2

"hkmsvc"=2

"HidServ"=2

"helpsvc"=2

"GEARSecurity"=2

"Fax"=2

"FastUserSwitchingCompatibility"=2

"EventSystem"=2

"ERSvc"=2

"EapHost"=2

"Dot3svc"=2

"dmserver"=2

"dmadmin"=2

"Creative Labs Licensing Service"=2

"COMSysApp"=2

"clr_optimization_v2.0.50727_32"=2

"CiSvc"=2

"ccPwdSvc"=2

"Browser"=2

"aspnet_state"=2

"AppMgmt"=2

"CSIScanner"=2

"WZCSVC"=2

"WudfSvc"=2

"WebClient"=2

"Themes"=2

"Spooler"=2

"ShellHWDetection"=2

"Schedule"=2

"SamSs"=2

"LmHosts"=2

"lanmanworkstation"=2

"Eventlog"=2

"Dnscache"=2

"Dhcp"=2

"CryptSvc"=2

"Creative Service for CDROM Access"=2

"ccSetMgr"=2

"ccEvtMgr"=2

"BITS"=2

"BcmSqlStartupSvc"=2

"AudioSrv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\mike lawrence\Desktop\superscan4\SuperScan4.exe"="C:\Documents and Settings\mike lawrence\Desktop\superscan4\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Documents and Settings\mike lawrence\Desktop\Macromedia\Fireworks MX\Fireworks.exe"="C:\Documents and Settings\mike lawrence\Desktop\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX"

"C:\Documents and Settings\mike lawrence\Desktop\Macromedia\FreeHand MX\FreeHand MX.exe"="C:\Documents and Settings\mike lawrence\Desktop\Macromedia\FreeHand MX\FreeHand MX.exe:*:Disabled:FreeHand MX"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"C:\Program Files\Laplink\PCmover\PCmover.exe"="C:\Program Files\Laplink\PCmover\PCmover.exe:*:Disabled:PCmover"

"C:\Program Files\Curious Labs\Poser 6\Poser.exe"="C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file"

"C:\Program Files\Prevx\prevx.exe"="C:\Program Files\Prevx\prevx.exe:*:Disabled:prevx"

"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Disabled:Shareaza"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d98b837-0c82-11dc-94f5-00038a000015}]

shell\AutoRun\command - K:\LaunchU3.exe

======List of files/folders created in the last 1 months======

2009-08-25 15:53:29 ----D---- C:\rsit

2009-08-23 14:56:02 ----D---- C:\Program Files\PELCO

2009-08-23 14:55:27 ----A---- C:\WINDOWS\system32\DX4X00_MPEG4.dll

2009-08-18 12:32:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-18 11:36:49 ----A---- C:\WINDOWS\system32\MRT.exe

2009-08-18 10:34:52 ----D---- C:\regfixes

2009-08-16 23:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-14 10:05:55 ----D---- C:\Documents and Settings\mike lawrence\Application Data\Opera

2009-08-14 10:05:50 ----D---- C:\Program Files\Opera

2009-08-10 19:49:59 ----D---- C:\Documents and Settings\mike lawrence\Application Data\AVG8

2009-08-09 21:20:04 ----SHD---- C:\WINDOWS\CSC

======List of files/folders modified in the last 1 months======

2009-08-23 17:08:18 ----D---- C:\WINDOWS

2009-08-23 17:07:43 ----D---- C:\Program Files\Mozilla Firefox

2009-08-23 17:06:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-23 14:56:02 ----HD---- C:\Program Files\InstallShield Installation Information

2009-08-23 14:56:02 ----D---- C:\Program Files

2009-08-23 14:55:49 ----D---- C:\WINDOWS\system32

2009-08-23 14:55:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-08-22 11:00:55 ----D---- C:\WINDOWS\Debug

2009-08-22 11:00:54 ----D---- C:\WINDOWS\Temp

2009-08-21 19:14:09 ----ASH---- C:\boot.ini

2009-08-21 19:14:09 ----A---- C:\WINDOWS\win.ini

2009-08-21 19:14:09 ----A---- C:\WINDOWS\system.ini

2009-08-18 16:29:48 ----SD---- C:\WINDOWS\Tasks

2009-08-18 13:35:07 ----D---- C:\WINDOWS\system32\dllcache

2009-08-18 13:34:18 ----D---- C:\WINDOWS\security

2009-08-18 12:32:24 ----D---- C:\WINDOWS\system32\drivers

2009-08-18 12:23:04 ----D---- C:\WINDOWS\system32\NtmsData

2009-08-18 12:22:50 ----D---- C:\WINDOWS\system32\ias

2009-08-18 12:22:49 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-18 12:22:36 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt

2009-08-18 12:21:40 ----D---- C:\WINDOWS\Registration

2009-08-18 12:20:51 ----D---- C:\WINDOWS\Prefetch

2009-08-16 23:06:34 ----D---- C:\!KillBox

2009-08-14 10:05:52 ----SHD---- C:\WINDOWS\Installer

2009-08-13 21:21:47 ----D---- C:\WINDOWS\Minidump

2009-08-13 21:18:05 ----D---- C:\Program Files\CCleaner

2009-08-13 09:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com

2009-08-12 12:36:54 ----D---- C:\jaguar

2009-08-09 22:41:45 ----D---- C:\WINDOWS\Help

2009-08-09 22:03:03 ----HD---- C:\WINDOWS\inf

2009-08-09 22:03:03 ----D---- C:\Program Files\MSN

2009-08-09 21:34:01 ----D---- C:\WINDOWS\network diagnostic

2009-08-03 13:19:59 ----D---- C:\Documents and Settings\mike lawrence\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]

R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-12-07 14408]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]

R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-12-07 56240]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]

R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]

R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []

R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]

R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]

S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MIKELA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera; C:\WINDOWS\system32\DRIVERS\dvc325.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 LLUSBFLT;LLUSBFLT; C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 4736]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc2.sys [2005-08-03 8960]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 VPROEVENTMONITOR;VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys []

S3 VtcDrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2007-12-13 18560]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]

S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]

S4 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]

S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]

S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S4 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-08-22 69632]

S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]

S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

S4 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-12-07 53248]

S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S4 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]

S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]

S4 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-12-07 2066072]

S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]

S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

S4 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-08-22 822424]

S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-25 15:53:37

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

3D Desktop Recorder V9.1-->MsiExec.exe /I{B256B211-FEFB-4797-AAF5-591DEC7627F2}

3DSS - Free Cyber Fire v1.0 (remove only)-->C:\Program Files\3D-ScreenSaver-Download\Free Cyber Fire\uninstall.exe

ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}

Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}

Adobe Acrobat Elements 6.0-->MsiExec.exe /I{E5E6E687-1033-BA7E-6000-000000000001}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe GoLive 5.0 Educational-->MsiExec.exe /I{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}

Adobe Illustrator 9.0.1-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.dll"

Adobe LiveMotion-->MsiExec.exe /I{D0FA6DD3-CB9D-41EB-A410-9004192C99EF}

Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"

Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"

AIM 6-->C:\Program Files\AIM6\uninst.exe

Alibre Design-->MsiExec.exe /X{47F21113-0D9A-11D5-8132-00C04FA0998D}

Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove

Any Flv Converter 1.3.8-->"C:\Program Files\Any Flv Converter\unins000.exe"

AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe

AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c

AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe

AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}

ArcSoft MediaConverter 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}\Setup.exe" -l0x9

ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Better Homes and Gardens Home Designer Suite 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93FFFB60-DE59-4550-955D-5F12B23ADA1F}\setup.exe" -l0x9

Business Complete Care Services Agreement-->MsiExec.exe /X{64658686-0CD4-4CF6-983D-0A6BE32007DB}

Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}

Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Cisco Video Surveillance Client-->"C:\Program Files\Cisco Video Surveillance\Client\axc_uninstall.exe"

Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf

Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}

Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove

Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}

Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s

Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}

Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}

Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText

Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe

EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}

eMachineShop-->C:\PROGRA~1\EMACHI~1\UNWISE.EXE C:\PROGRA~1\EMACHI~1\INSTALL.LOG

EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst

EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG

EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall

EPSON PhotoStarter3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst

EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL

EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall

EPSON SPRX600 Reference Guide-->C:\Program Files\epson\guide\rx600_e\uninstall.exe

Fire Undead Screensaver 1.0-->"C:\Program Files\Fire Undead Screensaver\unins000.exe"

Free Fire Screensaver-->C:\Program Files\Free Fire Screensaver\uninstall.exe

Free Sound Recorder-->C:\PROGRA~1\FREESO~1\UNWISE.EXE C:\PROGRA~1\FREESO~1\INSTALL.LOG

Free WMV to AVI MPEG Converter v1.2-->"C:\Program Files\Free WMV to AVI MPEG Converter\unins000.exe"

Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly

Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"K:\HijackThis.exe" /uninstall

Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"

Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

IMM4 VCM Codec 1.0.0.6-->C:\WINDOWS\unins000.exe

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582

Intel® PRO Network Connections Drivers-->Prounstl.exe

Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

JTIS-->C:\WINDOWS\IsUninst.exe -fc:\jaguar\Uninst.isu

Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe

LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE

LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marine Sharpshooter 3-->c:\Program Files\Groove Games\Marine Sharpshooter 3\System\Setup.exe reallyuninstall Path="c:\Program Files\Groove Games\Marine Sharpshooter 3\\\"

Marine Sharpshooter-->C:\PROGRA~1\GROOVE~1\MARINE~1\UNWISE.EXE C:\PROGRA~1\GROOVE~1\MARINE~1\INSTALL.LOG

MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}

Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}

Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}

Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}

Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}

Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}

Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Small Business Accounting 2006-->MsiExec.exe /X{F413D795-B077-4A96-AE75-810BBA673A0E}

Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}

Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL

Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}

Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}

Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}

Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MinGW C++ Toolbox 3.4.5 w1-->c:\mingw\uninst.exe

Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSI v2 to redistribute Rigs of Rods-->MsiExec.exe /I{36592557-65CE-4A4D-9970-764F17E0AFD3}

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove

Musicmatch


Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Hello,

I downloaded combofix and transferred it to the computer but it doesn't run. It will show up in the task manager under the process tab, but it doesn't show in the applications tab. I tried to run as-current user (unchecked protect my computer etc etc) and it doesn't start.

Everything in the "services.msc" window is listed as disabled. Is there something in that list that needs to be set to Automatic for it to run?

Each time I change everything to automatic and restart the computer, they all go back to disabled. I don't have any antivirus programs running or anything.

I'm not sure what to do now.


----------------------------------------------------------------------------------------

Step 1

Avenger

Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  1. Please download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Drivers to disable:
    SKYNETrgbobvpa
    UACd.sys


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

----------------------------------------------------------------------------------------

Step 2

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /stepdel

When finished, it shall produce a log for you. Post that log in your next reply.

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hello Katana,

When I started the computer (before transferring the file) I got a popup error message titled: iexplorer.exe-application error. The box said: the instruction at "0x00c63973" referenced memory at "0x4d514c0d". the memory could not be "read". Click ok to terminate the program. Click on cancel to debug the program.

I clicked cancel to see if it would show more detailed info but nothing appeared.

I transferred the avenger program and typed in the code you listed (I can't copy/paste because I'm on a different computer).

The computer restarted 2 times and there is a different popup titled: windows-no disk. It says "exception processing message c0000013 parameters 75b6bf7c 4 75b6b7c 75b6bf7c" then has 3 buttons: cancel, try again, continue

I moved the popup to the side and saved the avenger log to the desktop. I tried to open the "my computer" to access the jumpstick but the window was blank white. I waited a little bit then closed the window and only the desktop background image was showing and the popup box. No icons or task bar or anything else was there. I clicked to try again in the box and it just moved to the center of the screen. I then tried cancel and it just kept staying there. After 3 times of clicking cancel it went away and then the desktop went back to normal. I saved the log and copied it to the jumpstick.

I typed the command with a space before the "/" symbol and nothing happened.

I looked at the avenger log and it says it failed to disable the drivers. Could those drivers be causing programs not to run, and if so can I do something in the registry to disable them manually?

I searched about "uacd.sys" and saw on a site that "Viewpoint Manager is considered as foistware instead of malware" and that person was told to remove:

# Viewpoint

# Viewpoint Manager

# Viewpoint Media Player

I did have a problem with a "viewpoint mgr" popup crash report window every few minutes when all my "services.msc" list was changed to automatic. Could that have anything to do with these problems?

I haven't changed anything other than what you told me to do. I am just looking around to see what some of these things in the logs are.

Here is the avenger log:


Please download a fresh copy of Combofix, it has been updated.

Save it directly on the C:\ drive of the infected computer.

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"C:\combofix.exe" /stepdel

When finished, it shall produce a log for you. Post that log in your next reply.

See if that works.


I downloaded it again and put it in the C drive and tried the run command again. It still will not start. It just shows up in the task manager under the process tab, but it doesn't show in the applications tab or do anything. I think that is how stuff in the cd drive responds also. I tried running it right from the jumpstick but have the same results.

I was wondering if I should use the reg entries that were saved before CCleaner removed items and put them back to what they were. There are 3 files saved by CCleaner (3 times to remove everything). Could something have been removed by that program that is stopping combofix and malwarebytes from running?

A few days ago (before your first post) I had to install a program/viewer for security cameras and the cd drive would show the files and setup but would not do anything. I used another computer to save them to the jumpstick and then I had no problem loading them and running them. I'm confused as to why only some programs will start and others will not. Would changing the name of combofix to something like red.exe help in it starting?

I have a class in a little bit so it will be a few hours before I get back to try another way to make it run.


I suspect that it is the lack of services that is causing most of the problems ...

I notice that MSConfig is running at startup?

Open MSConfig (Start >> Run .. Type MSConfig and press enter )

Click the services tab, and make sure everything is ticked ... If not, click Select All

Reboot the machine and see if the services are running.

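The point of the MSConfig check above is that MSConfig only registers itself under a Run key while the machine is in selective startup, which is why the services keep reverting to disabled. As an added example (not from the thread or from any tool it names), here is a Python triage of an RSIT-style "Registry dump" that flags an MSConfig Run entry and any loaded module whose file date falls within a few days of the scan; the sample dump is constructed in the thread's log layout, and the 3-day window is an assumption.

```python
import re
from datetime import date

# One key header per line, e.g. [HKEY_LOCAL_MACHINE\Software\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")

# Three value layouts occur in an RSIT registry dump:
#   "name"=C:\path\file.exe [YYYY-MM-DD size]          (Run keys)
#   Display Name - C:\path\file.dll [YYYY-MM-DD size]  (BHO keys)
#   C:\path\file.exe [YYYY-MM-DD size]                 (msconfig\startupreg keys)
# Lines whose bracket is empty ("[]") carry no timestamp and are skipped.
ENTRY_RE = re.compile(
    r'^(?:"(?P<name>[^"]+)"=|(?P<label>[^\\]+?) - )?'
    r"(?P<path>[A-Za-z]:\\.+?)\s*"
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


def parse_dump(text):
    """Return (key, display_name, path, file_date) for every timestamped entry."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name = m.group("name") or m.group("label") or ""
            entries.append((key, name, m.group("path"), date.fromisoformat(m.group("date"))))
    return entries


def flag_entries(entries, scan_date, recent_days=3):
    """Return (reason, key, path) findings that deserve a closer look."""
    findings = []
    for key, _name, path, file_date in entries:
        # MSConfig only lives under Run while the machine is in selective
        # startup; that is why services re-disable themselves on every boot.
        if key.lower().endswith("\\run") and path.lower().endswith("msconfig.exe"):
            findings.append(("selective-startup", key, path))
        # A module written within recent_days of the scan (or dated in the
        # future) is the first thing a helper asks about.  3 days is assumed.
        if (scan_date - file_date).days <= recent_days:
            findings.append(("recent-binary", key, path))
    return findings


def triage(text, scan_date, recent_days=3):
    return flag_entries(parse_dump(text), scan_date, recent_days)


# Constructed sample in the RSIT layout, using entries of the kind shown in the thread.
SAMPLE_DUMP = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}]
ICQSys (IE PlugIn) - C:\WINDOWS\system32\dddesot.dll [2009-08-26 488960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-04-29 188728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
"""

SCAN_DATE = date(2009, 8, 26)  # date the RSIT log in the thread was produced


def triage_sample():
    return triage(SAMPLE_DUMP, SCAN_DATE)


if __name__ == "__main__":
    for reason, key, path in triage_sample():
        print(f"{reason:18} {path}")
        print(f"{'':18} under {key}")
```

Run against a real RSIT log, the script reports only the entries a helper would ask about first; every other line in the dump still needs eyes, since a stale timestamp proves nothing about a file's contents.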

Hello,

Yes the MSConfig is running at startup. I'm not sure why it does. I also get a message from scandisk not able to scan RAW files message right before windows loads each time. Before I posted here, I had tried the scandisk commands but nothing happened from it.

I enabled the services and restarted. I got the viewpoint mgr error message and the Windows Antivirus Pro popped up again. I had deleted everything in the list of known items. I guess there are more spots it's in.

I stopped the process of svghast and windows antivirus pro and it went away. I checked the services tab in the system config utility and about 75% of the items are showing a status of running. The rest say stopped.

I tried the run command for combofix and still the same thing. It shows in the list but nothing happens.

Windows updates wants to install new updates. Should I let it or leave it for now? I checked the Firefox browser and it will connect online to google (home page). I closed it and didn't try going anywhere.

I do notice that the processor light stays steady and the rattling sound the processor makes stays almost constant. The task manager shows System Idle Process with CPU: 99. The light goes out and the sound stops for awhile when the window is open. After a moment or so after closing the window, or not doing anything, the light comes back on and the sound continues.

I viewed the performance tab to see the graph and it jumps around from 5% to 84% at random. I don't know of anything running that would cause it. (Avira is disabled and no other icons except windows update is on the task bar)

The other stuff under performance keeps changing without stopping. Physical memory, kernel memory, commit charge and totals all jump a few thousand numbers every second. PF usage shows 620 MB but has a flat line. It does increase in MB every few moments.

I tried unplugging the internet cable from the router but it didn't make any difference to the numbers or processor light/sound.

It is showing handles: 14969 , threads 749, processes 62 that slowly change.


Try running the "C:\combofix.exe" /stepdel instructions in safe mode.

Reboot in safe mode

You will now need to reboot in safe mode, you will not have internet access whilst you do the next part

Please copy/paste or print the following instructions.

To reboot in safe mode

You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.

Use your up arrow key to highlight Safe Mode, then hit enter.

If it still doesn't run, please post a fresh RSIT and Sysprot log


I restarted in safe mode and selected admin. combofix still will not start. RSIT did run and the log is below. sysprot would not seem to run correctly. sysprot said it failed to start when it first started scanning. It said I needed admin privileges. I selected admin instead of myself at the choice screen. I tried right click-run as-current user (not protected). right click-run as-current user. right click-run as-admin. I even switched users and tried these again but each time it said it failed to start but said log was created. I put the log at the bottom but nothing is on it.

Should I restart in normal mode and try it again?

Logfile of random's system information tool 1.06 (written by random/random)

Run by mike lawrence at 2009-08-26 18:11:51

Microsoft Windows XP Professional Service Pack 3

System drive C: has 139 GB (79%) free of 176 GB

Total RAM: 2038 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:53:34 Afternoon, on 8/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\mike lawrence\Desktop\RSIT.exe

C:\Documents and Settings\mike lawrence\Desktop\mike lawrence.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2946633094-119962529-606497535-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41293422-93FD-443C-B848-E07EDBF866C3} (CMediaPlayerCtrl Object) - http://216.159.150.36/BWT/sources/AXClient.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161556317663

O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--

End of file - 6071 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D5BMBNB1-mike lawrence).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}]

ICQSys (IE PlugIn) - C:\WINDOWS\system32\dddesot.dll [2009-08-26 488960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-04-29 188728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2006-02-09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-09-15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX600]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE [2003-09-09 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-08-22 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-12 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

Rundll32 CTMBHA.DLL,MBMon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-18 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-12-07 1537696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]

C:\WINDOWS\poolsv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]

C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe [2004-11-11 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2006-08-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-07-20 214448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]

C:\Program Files\ddmdin\vmkrsysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-07-20 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2005-09-19 1159168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-07-30 217195]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MskService"=2

"MpfService"=2

"mcupdmgr.exe"=3

"McTskshd.exe"=2

"McShield"=2

"McDetect.exe"=2

"CSIScanner"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\mike lawrence\Desktop\superscan4\SuperScan4.exe"="C:\Documents and Settings\mike lawrence\Desktop\superscan4\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Documents and Settings\mike lawrence\Desktop\Macromedia\Fireworks MX\Fireworks.exe"="C:\Documents and Settings\mike lawrence\Desktop\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX"

"C:\Documents and Settings\mike lawrence\Desktop\Macromedia\FreeHand MX\FreeHand MX.exe"="C:\Documents and Settings\mike lawrence\Desktop\Macromedia\FreeHand MX\FreeHand MX.exe:*:Disabled:FreeHand MX"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"C:\Program Files\Laplink\PCmover\PCmover.exe"="C:\Program Files\Laplink\PCmover\PCmover.exe:*:Disabled:PCmover"

"C:\Program Files\Curious Labs\Poser 6\Poser.exe"="C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file"

"C:\Program Files\Prevx\prevx.exe"="C:\Program Files\Prevx\prevx.exe:*:Disabled:prevx"

"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Disabled:Shareaza"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d98b837-0c82-11dc-94f5-00038a000015}]

shell\AutoRun\command - K:\LaunchU3.exe

======File associations======

.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-26 18:07:02 ----A---- C:\WINDOWS\ntbtlog.txt

2009-08-26 15:41:07 ----A---- C:\WINDOWS\system32\desot.exe

2009-08-26 15:41:07 ----A---- C:\WINDOWS\system32\dddesot.dll

2009-08-26 15:41:07 ----A---- C:\WINDOWS\svchast.exe

2009-08-26 15:40:55 ----D---- C:\Program Files\Windows Antivirus Pro

2009-08-26 15:35:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-26 12:02:46 ----A---- C:\ComboFix.exe

2009-08-26 10:42:06 ----D---- C:\Avenger

2009-08-26 10:42:06 ----A---- C:\avenger.txt

2009-08-25 22:44:28 ----A---- C:\WINDOWS\system32\CF11690.exe

2009-08-25 22:44:14 ----D---- C:\Qoobox

2009-08-25 22:44:11 ----A---- C:\Bug.txt

2009-08-25 15:53:29 ----D---- C:\rsit

2009-08-23 14:56:02 ----D---- C:\Program Files\PELCO

2009-08-23 14:55:27 ----A---- C:\WINDOWS\system32\DX4X00_MPEG4.dll

2009-08-18 12:32:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-18 11:36:49 ----A---- C:\WINDOWS\system32\MRT.exe

2009-08-18 10:34:52 ----D---- C:\regfixes

2009-08-16 23:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-14 10:05:55 ----D---- C:\Documents and Settings\mike lawrence\Application Data\Opera

2009-08-14 10:05:50 ----D---- C:\Program Files\Opera

2009-08-10 19:49:59 ----D---- C:\Documents and Settings\mike lawrence\Application Data\AVG8

2009-08-09 21:20:04 ----SHD---- C:\WINDOWS\CSC

======List of files/folders modified in the last 1 months======

2009-08-26 18:07:02 ----D---- C:\WINDOWS

2009-08-26 15:41:08 ----D---- C:\WINDOWS\system32

2009-08-26 15:41:07 ----D---- C:\WINDOWS\Temp

2009-08-26 15:40:55 ----D---- C:\Program Files

2009-08-26 15:39:43 ----D---- C:\Program Files\Mozilla Firefox

2009-08-26 15:38:27 ----D---- C:\WINDOWS\system32\NtmsData

2009-08-26 15:38:15 ----D---- C:\WINDOWS\system32\ias

2009-08-26 15:38:11 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-26 15:37:56 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt

2009-08-26 15:37:01 ----D---- C:\WINDOWS\Registration

2009-08-26 15:36:23 ----D---- C:\WINDOWS\Debug

2009-08-26 15:34:47 ----ASH---- C:\boot.ini

2009-08-26 15:34:47 ----A---- C:\WINDOWS\win.ini

2009-08-26 15:34:47 ----A---- C:\WINDOWS\system.ini

2009-08-26 10:42:06 ----D---- C:\WINDOWS\system32\drivers

2009-08-23 17:06:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-23 14:56:02 ----HD---- C:\Program Files\InstallShield Installation Information

2009-08-23 14:55:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-08-18 16:29:48 ----SD---- C:\WINDOWS\Tasks

2009-08-18 13:35:07 ----D---- C:\WINDOWS\system32\dllcache

2009-08-18 13:34:18 ----D---- C:\WINDOWS\security

2009-08-18 12:20:51 ----D---- C:\WINDOWS\Prefetch

2009-08-16 23:06:34 ----D---- C:\!KillBox

2009-08-14 10:05:52 ----SHD---- C:\WINDOWS\Installer

2009-08-13 21:21:47 ----D---- C:\WINDOWS\Minidump

2009-08-13 21:18:05 ----D---- C:\Program Files\CCleaner

2009-08-13 09:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com

2009-08-12 12:36:54 ----D---- C:\jaguar

2009-08-09 22:41:45 ----D---- C:\WINDOWS\Help

2009-08-09 22:03:03 ----HD---- C:\WINDOWS\inf

2009-08-09 22:03:03 ----D---- C:\Program Files\MSN

2009-08-09 21:34:01 ----D---- C:\WINDOWS\network diagnostic

2009-08-03 13:19:59 ----D---- C:\Documents and Settings\mike lawrence\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]

R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]

R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-12-07 14408]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]

S1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-12-07 56240]

S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]

S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]

S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]

S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]

S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]

S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]

S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]

S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]

S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]

S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []

S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]

S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []

S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MIKELA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera; C:\WINDOWS\system32\DRIVERS\dvc325.sys []

S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]

S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]

S3 LLUSBFLT;LLUSBFLT; C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 4736]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc2.sys [2005-08-03 8960]

S3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]

S3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 VPROEVENTMONITOR;VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys []

S3 VtcDrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2007-12-13 18560]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]

S2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchast.exe [2009-08-26 163840]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]

S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]

S2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S2 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-08-22 69632]

S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

S2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-12-07 53248]

S2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

S2 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]

S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S2 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

S2 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]

S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-12-07 2066072]

S2 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S2 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]

S2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-08-22 822424]

S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

-----------------EOF-----------------

SysProt AntiRootkit v1.0.1.0

by swatkat

******************************************************************************************

******************************************************************************************

No Hidden Processes found

******************************************************************************************

******************************************************************************************

No Hidden Kernel Modules found

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

******************************************************************************************

******************************************************************************************

No hidden files/folders found
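Three lines in the RSIT log above explain the symptoms in the first post: the `.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*` association (every program launch, including mbam.exe, is routed through the malware first), the `AntipPro2009_100` service running `C:\WINDOWS\svchast.exe` (one letter away from svchost.exe, and sitting in the Windows directory rather than System32), and `explorer.exe` and `winlogon.exe` enabled in the firewall exception list. These are the patterns a triage script can pull out of such a log automatically. The Python below is an added example written for this thread, not RSIT's, Malwarebytes' or the poster's code: it parses a few constructed lines in the same format and flags those three things. The header regexes, the one-edit lookalike threshold, the "never a firewall exception" list and the stock `"%1" %*` handler it compares against are this example's own choices.

```python
"""Triage checks over RSIT-style log lines: an added example for this thread, not RSIT's
or Malwarebytes' code. Flags a hijacked .exe association, a service binary imitating a
Windows name, and system binaries enabled as firewall exceptions (the example's own rules)."""
import re

# Constructed sample in the RSIT format (a handful of lines, not the real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
======File associations======
.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchast.exe [2009-08-26 163840]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
"""

CLEAN_EXE_OPEN = '"%1" %*'  # stock HKCR\exefile\shell\open\command on XP
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")
NEVER_EXCEPTIONS = ("winlogon.exe", "explorer.exe", "svchost.exe")  # never need a firewall rule

HEADER_RE = re.compile(r"^(?:======(.+?)======|\[(.+)\])$")  # ======Title====== or [HKEY...]
ASSOC_RE = re.compile(r"^(\.\w+) - (\w+) - (.+)$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
FW_RE = re.compile(r'^"([^"]+)"="[^"]*:\*:(Enabled|Disabled):([^"]*)"$', re.IGNORECASE)


def parse_sections(text):
    """Map each header (registry key or ======Title======) to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def exe_association_finding(text):
    """Return the .exe 'open' command if it is not the stock one (every program launch is then proxied)."""
    for line in parse_sections(text).get("File associations", []):
        m = ASSOC_RE.match(line)
        if m and (m.group(1), m.group(2)) == (".exe", "open") and m.group(3) != CLEAN_EXE_OPEN:
            return m.group(3)
    return None


def levenshtein(a, b):
    """Edit distance; catches one-character imitations such as svchast.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def service_findings(text):
    """[(service, path, reasons)] for images in the bare Windows directory or with lookalike names."""
    findings = []
    for title, lines in parse_sections(text).items():
        if not title.startswith("List of services"):
            continue
        for line in lines:
            m = SERVICE_RE.match(line)
            if not m:
                continue
            name, path = m.group(2), m.group(4)
            parent, _, exe = path.lower().rpartition("\\")
            reasons = ["image sits directly in the Windows directory"] if parent in (r"c:\windows", r"c:\winnt") else []
            reasons += [f"name is one edit from {s}" for s in SYSTEM_NAMES if exe != s and levenshtein(exe, s) <= 1]
            if reasons:
                findings.append((name, path, reasons))
    return findings


def firewall_findings(text):
    """[(profile, path)] for Windows system binaries enabled in an AuthorizedApplications list."""
    findings = []
    for title, lines in parse_sections(text).items():
        if not title.lower().endswith(r"authorizedapplications\list"):
            continue
        profile = title.split("\\")[-3]
        for line in lines:
            m = FW_RE.match(line)
            if m and m.group(2).lower() == "enabled" and m.group(1).rpartition("\\")[2].lower() in NEVER_EXCEPTIONS:
                findings.append((profile, m.group(1)))
    return findings


if __name__ == "__main__":
    print("exe handler:", exe_association_finding(SAMPLE_LOG))
    for finding in service_findings(SAMPLE_LOG) + firewall_findings(SAMPLE_LOG):
        print(finding)
```

Run it as a script, or import it and feed a whole log to the three `*_finding(s)` functions. The findings are leads, not verdicts: a service image in C:\WINDOWS rather than System32, or a name one edit from a system binary, is worth a second look, while a hijacked `.exe` open handler is never legitimate and is exactly why renaming mbam.exe did not help here.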


The "Windows - No Disk" message popped up again. There was an error message on the first restart that said something about "there was an error..." I didn't see what the rest said because it restarted.

Antivirus Pro will not go away this time. I stopped the process on svghast.exe and Windows Antivirus Pro but the pop-up is still running and blocks the center of the screen.

Here is the new log report:


Reboot in safe mode

You will now need to reboot in safe mode, you will not have internet access whilst you do the next part

Please copy/paste or print the following instructions.

To reboot in safe mode

You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.

Use your up arrow key to highlight Safe Mode, then hit enter.

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    KillAll::
    StepDel::
    ADS::


  • Save this as CFScript.txt and place it on your desktop.
    (screenshot: CFScriptb.gif)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper


Hello,

I followed the steps and dragged the script to the ComboFix application icon in the C drive and nothing happened. I waited a few minutes and then checked the manager and it doesn't show in any list. I tried right-clicking and "run as" admin but still nothing. It will appear in the process tab but still nothing from it. :)


Something is still blocking us :)

Please try the following in normal mode, and if it doesn't work try it in safe mode.

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.


I was hoping for a different log from that :)

Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note: If GMER doesn't run, please reboot and then rename gmer.exe to Look.exe and try again.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error)!

Please post the results from the GMER scan in your reply.


Hello,

Sorry for the delay. We had some flooding going on with warnings. I had to use the infected computer to connect to the internet to kcrg.com to get info about the street closings and warnings going on. I don't know if that will make any difference to sorting out the problems or not. I haven't used it for anything else so I hope nothing has changed on the system by using it.

I saved the GMER file and tried clicking it to run it, and it didn't respond or show up on the list, so I renamed it to look.exe and it still didn't run. I then tried right click - Run as, unchecked "protect my computer", and it started running. It did find rootkit activity right away, and when I clicked to scan it popped up saying system modification caused by rootkit activity.

Here is the scan:

GMER 1.0.15.15077 [look.exe] - http://www.gmer.net

Rootkit scan 2009-08-27 18:57:20

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code 8A716096 ZwEnumerateKey

Code 8A34B7BE ZwFlushInstructionCache

Code 8A714095 IofCallDriver

Code 8A811665 IofCompleteRequest

Code 8A393825 ZwSaveKey

Code 8A83DDED ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A71409A

.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A81166A

.text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 8A39382A

.text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 8A83DDF2

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A34B7C2

PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 4 Bytes JMP 8A71609A

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00DA000A

.text C:\WINDOWS\system32\ctfmon.exe[260] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00DB000A

.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00DC000A

.text C:\WINDOWS\System32\SCardSvr.exe[500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\System32\SCardSvr.exe[500] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F2000A

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F3000A

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F3000A

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F4000A

.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A3000A

.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A4000A

.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B3000A

.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B4000A

.text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B5000A

.text C:\WINDOWS\system32\tlntsvr.exe[1244] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A

.text C:\WINDOWS\System32\svchost.exe[1652] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A

.text C:\WINDOWS\system32\netdde.exe[1704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\netdde.exe[1704] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00E4000A

.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 010D000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 011E000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WININET.dll!HttpAddRequestHeadersW 780CCF65 5 Bytes JMP 012D000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D829A0

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D827E0

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D827C0

.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D827A0

.text C:\WINDOWS\system32\msdtc.exe[1928] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B6000A

.text C:\WINDOWS\system32\msdtc.exe[1928] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B9000A

.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C8000A

.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C9000A

.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C8000A

.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[2044] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C9000A

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C8000A

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C9000A

.text C:\WINDOWS\System32\alg.exe[2120] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B5000A

.text C:\WINDOWS\System32\alg.exe[2120] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B6000A

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[2168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0100000A

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[2168] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0101000A

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[2220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D8000A

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[2220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00D9000A

.text C:\WINDOWS\system32\cisvc.exe[2436] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00DE000A

.text C:\WINDOWS\system32\cisvc.exe[2436] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00DF000A

.text C:\WINDOWS\system32\clipsrv.exe[2456] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\clipsrv.exe[2456] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\WINDOWS\system32\dllhost.exe[2472] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B4000A

.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[2516] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C5000A

.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[2516] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C6000A

.text C:\WINDOWS\system32\CTsvcCDA.exe[2564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C5000A

.text C:\WINDOWS\system32\CTsvcCDA.exe[2564] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C7000A

.text C:\WINDOWS\System32\GEARSec.exe[2600] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C4000A

.text C:\WINDOWS\System32\GEARSec.exe[2600] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C5000A

.text C:\WINDOWS\System32\svchost.exe[2664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A

.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C6000A

.text C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe[2696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C7000A

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2780] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 08F2000A

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2780] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 08F3000A

.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[2860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00CB000A

.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[2860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00CC000A

.text C:\WINDOWS\system32\msiexec.exe[2904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B1000A

.text C:\WINDOWS\system32\msiexec.exe[2904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B2000A

.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[2932] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0141000A

.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[2932] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0142000A

.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B9000A

.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BA000A

.text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[3012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 08EF000A

.text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[3012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 08F0000A

.text C:\WINDOWS\System32\vssvc.exe[3188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B3000A

.text C:\WINDOWS\System32\vssvc.exe[3188] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B4000A

.text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[3204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F5000A

.text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[3204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F6000A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3360] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C2000A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3360] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C3000A

.text C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[3364] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C4000A

.text C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[3364] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C5000A

.text C:\WINDOWS\system32\sessmgr.exe[3452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\sessmgr.exe[3452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3484] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C3000A

.text C:\WINDOWS\system32\locator.exe[3552] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B3000A

.text C:\WINDOWS\system32\locator.exe[3552] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B4000A

.text C:\Documents and Settings\mike lawrence\Desktop\gmer\look.exe[3632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 08F9000A

.text C:\Documents and Settings\mike lawrence\Desktop\gmer\look.exe[3632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 08FA000A

.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE[3656] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00E4000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AF000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B6000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3824] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B7000A

.text C:\WINDOWS\system32\svchost.exe[3920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006C000A

.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AC000A

.text C:\WINDOWS\System32\dmadmin.exe[3948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AD000A

.text C:\WINDOWS\system32\dllhost.exe[4008] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\dllhost.exe[4008] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[4052] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 08F9000A

.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[4052] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 08FA000A

.text C:\WINDOWS\system32\wuauclt.exe[5540] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B2000A

.text C:\WINDOWS\system32\wuauclt.exe[5540] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B3000A

.text C:\WINDOWS\system32\wuauclt.exe[5704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 08DA000A

.text C:\WINDOWS\system32\wuauclt.exe[5704] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 08DB000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \FileSystem\Fastfat \Fat SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACkolflhywsk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x02F10000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETljrbjawb.sys (*** hidden *** ) [sYSTEM] SKYNETrgbobvpa <-- ROOTKIT !!!

Service C:\WINDOWS\system32\drivers\UACrtaihshcms.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa@imagepath \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main@aid 10002

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main@sid 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main\injector@* SKYNETwsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETbmoaxusj.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules@SKYNETlog.dat \systemroot\system32\SKYNETmkxirqsq.dat

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules@SKYNETwsp.dll \systemroot\system32\SKYNEThsajlmed.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETrgbobvpa\modules@SKYNET.dat \systemroot\system32\SKYNETwvadxqet.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsydmknanf.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACkolflhywsk.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkegxkorcyw.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACabynvtgpdd.db

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACendfuiyiiu.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfprgguymuw.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACivmlyhsatv.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@imagepath \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main@aid 10002

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main@sid 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main@cmddelay 14400

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main\injector@* SKYNETwsp.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETbmoaxusj.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNETlog.dat \systemroot\system32\SKYNETmkxirqsq.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNETwsp.dll \systemroot\system32\SKYNEThsajlmed.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNET.dat \systemroot\system32\SKYNETwvadxqet.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsydmknanf.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACkolflhywsk.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkegxkorcyw.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACabynvtgpdd.db

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACendfuiyiiu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfprgguymuw.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACivmlyhsatv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa@imagepath \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main@aid 10002

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main@sid 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main\injector@* SKYNETwsp.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETljrbjawb.sys

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETbmoaxusj.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules@SKYNETlog.dat \systemroot\system32\SKYNETmkxirqsq.dat

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules@SKYNETwsp.dll \systemroot\system32\SKYNEThsajlmed.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETrgbobvpa\modules@SKYNET.dat \systemroot\system32\SKYNETwvadxqet.dat

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrtaihshcms.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsydmknanf.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACkolflhywsk.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkegxkorcyw.dat

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACabynvtgpdd.db

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACendfuiyiiu.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfprgguymuw.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACivmlyhsatv.dll

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Is this a list of infected files? :)


Is this a list of infected files?

Partly ... it is a list of hidden files, and of what is hiding them.

We need to use GMER to delete a service and remove the file:

  • Open the gmer folder and double click gmer.exe to run the program
  • On starting GMER will run a short scan, allow it to complete this, then click No if it asks you to run a full scan.

  • Click on the > > > tab to open the menus

[screenshot: GMER1.jpg]

  • Click on the Services tab

[screenshot: GMER_Services_Tab.jpg]

  • Scroll down until you find the following Services (Note: these may be highlighted in red)

    SKYNETrgbobvpa

    UACd.sys


  • Click on the Service Name to Highlight it, then right click and choose Delete...

    [screenshot: GMER_Delete_Service.jpg]


  • Click OK at the first confirmation dialog to remove the service
  • Click OK to the second confirmation dialog to remove the file
  • Click OK to exit the program

Let me know of any problems you encountered.

Try double clicking Combofix now

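The GMER log above is long, and the helper's answer is that it mixes three things: what is hooked, what is hidden, and which files the hidden services point at. As an added example that is not part of the original thread and is not GMER's, ComboFix's or Malwarebytes' code, the Python below parses a GMER "Rootkit scan" log into exactly those three lists and prints the on-disk paths a responder would write down before running ComboFix. It assumes GMER's section headers and line formats as they appear in the log above, that a trailing "module (vendor)" on a user-mode hook line means GMER attributed the JMP target to a known module, and that C:\WINDOWS is the Windows directory (as the log's own paths show). The sample input is excerpted from the posted log, with the forum-mangled "[sYSTEM]" written as "[SYSTEM]".

```python
"""Triage a GMER rootkit-scan log. Added example; not GMER's, ComboFix's or Malwarebytes' code.

GMER prints one '---- <Section> - GMER x.y.z ----' header per section. This helper
splits on those headers and extracts what a responder records: kernel inline hooks,
user-mode hooks whose JMP target GMER attributes to no module, '*** hidden ***'
libraries and services, and the service -> on-disk file mapping from the Registry
section (the list the poster was later told to note down on paper).
"""
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
KERNEL_HOOK_RE = re.compile(
    r"^(?:\.text|PAGE)\s+\S+!(\S+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})$")
USER_HOOK_RE = re.compile(  # a trailing "<module> (<vendor>)" means GMER found the target's owner
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+[0-9A-F]{8}"
    r"(?:\s+(.+?) \((.*)\))?$")
HIDDEN_LIB_RE = re.compile(
    r"^Library\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(.+?)\s+\[(\d+)\]\s+0x[0-9A-Fa-f]+$")
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(\S+)(\s+<-- ROOTKIT !!!)?$")
# Active control set only; the ControlSet00N entries in the log repeat the same values.
REG_FILE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\([^\\@]+?)(\\modules)?@(\S+)\s+(\S+)$")

def normalize_path(path):
    # GMER writes the same file as \\?\globalroot\systemroot\..., \systemroot\... or
    # C:\WINDOWS\... (the Windows directory this log shows); fold all onto %SystemRoot%.
    low = path.lower()
    for prefix in (r"\\?\globalroot\systemroot", r"\systemroot", r"c:\windows"):
        if low.startswith(prefix):
            return "%SystemRoot%" + path[len(prefix):]
    return path

def split_sections(text):
    sections, current = defaultdict(list), "header"
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line:
            sections[current].append(line)
    return sections

def triage(text):
    s = split_sections(text)
    hooks = [(m.group(1), m.group(2))                        # (patched export, JMP target)
             for m in map(KERNEL_HOOK_RE.match, s["Kernel code sections"]) if m]
    user = Counter(m.group(3) for m in map(USER_HOOK_RE.match, s["User code sections"])
                   if m and m.group(4) is None)               # target owned by no module
    libs = [(normalize_path(m.group(1)), m.group(2), int(m.group(3)))   # (dll, host, pid)
            for m in map(HIDDEN_LIB_RE.match, s["Processes"]) if m]
    svcs = [(m.group(2), normalize_path(m.group(1)), m.group(3) is not None)  # (name, image, flagged)
            for m in map(HIDDEN_SVC_RE.match, s["Services"]) if m]
    files = defaultdict(list)
    for m in map(REG_FILE_RE.match, s["Registry"]):
        if m and (m.group(2) or m.group(3).lower() == "imagepath"):
            path = normalize_path(m.group(4))
            if path not in files[m.group(1)]:
                files[m.group(1)].append(path)
    return {"kernel_hooks": hooks, "unattributed_user_hooks": dict(user),
            "hidden_libraries": libs, "hidden_services": svcs, "service_files": dict(files)}

def files_to_record(result):
    """Every on-disk path the log ties to the hidden services, de-duplicated and sorted."""
    paths = {image for _, image, _ in result["hidden_services"]}
    paths |= {dll for dll, _, _ in result["hidden_libraries"]}
    for lst in result["service_files"].values():
        paths.update(lst)
    return sorted(paths, key=str.lower)

# Constructed input: lines excerpted from the GMER log above, '[sYSTEM]' written as '[SYSTEM]'.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A71409A
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 4 Bytes JMP 8A71609A
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D827C0
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACkolflhywsk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x02F10000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\SKYNETljrbjawb.sys (*** hidden *** ) [SYSTEM] SKYNETrgbobvpa <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACrtaihshcms.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrtaihshcms.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@imagepath \systemroot\system32\drivers\SKYNETljrbjawb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETrgbobvpa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETbmoaxusj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrtaihshcms.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACkolflhywsk.dll
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, image, flagged in result["hidden_services"]:
        print(f"hidden service {name}: {image}{'  <-- ROOTKIT' if flagged else ''}")
    print("files to note down:", *files_to_record(result), sep="\n  ")
```

Run it against a saved gmer.txt by replacing SAMPLE_LOG with the file's contents. The LdrLoadDll/LdrUnloadDll hooks present in nearly every process of the posted log count as unattributed because GMER names no owning module for their JMP targets, whereas the IEFRAME.dll hooks inside Iexplore.exe are attributed to Internet Explorer and are left out, which is the distinction the "false positives" caution above is about.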

Hello,

I had to right click - Run as to open GMER. After that it worked fine and I deleted the 2 items and closed the program. ComboFix still will not open. I was thinking about how GMER had to have its name changed to look.exe, so I changed the name of ComboFix to red.exe and it started. It made the computer beep and popped up a window saying a real time scanner "antivirus: antivir desktop" is running and to disable it. I don't know what that is.

The Avira icon is not on the tray so I assumed it is still disabled from before. I looked at the process list in Task Manager and found "avguard.exe" and "vprosvc.exe". Could these be the scanner it is finding? I tried to end the process on avguard.exe but it doesn't go away. I didn't try the other one because I am not sure if it is a scanner or not.

I clicked the X in the popup window thinking it would close ComboFix, but it beeped again and popped up a new window saying: "antivirus: antivir desktop" "The above real time scanner(s) are still active but combofix shall continue to run. Kindly note that this is at your own risk." and it only has an OK button. The first message said it could damage your machine if a scanner is running. How can I stop ComboFix so I can find what scanner is running??

I did get the avguard.exe process to end and go away after 5 tries of ending its process. I'm not sure what to do now. I left the warning window open because I don't know if I have something else running that would interfere with ComboFix.


I wrote down what appeared when ComboFix started running:

a popup error report saying: pev.cfxxe needs to close

-=-=-=-=

listed after the 10 min notice: the system cannot find the file temp04

-=-=-=-=

Rootkit!!

combofix has detected the presence of rootkit activity and needs to reboot the machine Kindly note down on paper, the name of each file. We may need it later.

C:\WINDOWS\system32\drivers\UACqekwsrlymt.sys

C:\WINDOWS\system32\UACkdvboyroda.dill

C:\WINDOWS\system32\UACiqumehqpxe.dat

C:\WINDOWS\system32\UACxukfuygujf.dill

=-=-=-=-=-=-

Combofix did restart the computer a couple of times which I assume is normal. Here is the report it made:

ComboFix 09-08-26.02 - mike lawrence 08/28/2009 12:55.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1488 [GMT -5:00]

Running from: C:\red.exe

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Windows Antivirus Pro

c:\program files\Windows Antivirus Pro\msvcm80.dll

c:\program files\Windows Antivirus Pro\msvcp80.dll

c:\program files\Windows Antivirus Pro\msvcr80.dll

c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe

c:\windows\Fonts\AlibreSymbols.ttf

c:\windows\Fonts\ZWAdobeF.TTF

c:\windows\Installer\2dafad4.msp

c:\windows\Installer\WMEncoder.msi

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\svchast.exe

c:\windows\system32\bennuar.old

c:\windows\system32\bincd32.dat

c:\windows\system32\bszip.dll

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk

c:\windows\system32\Data

c:\windows\system32\dddesot.dll

c:\windows\system32\desot.exe

c:\windows\system32\drivers\Sonyhcp.dll

c:\windows\system32\drivers\UACqekwsrlymt.sys

c:\windows\system32\sonhelp.htm

c:\windows\system32\sysnet.dat

c:\windows\system32\uacinit.dll

c:\windows\system32\UACiqumehqpxe.dat

c:\windows\system32\UACkdvboyroda.dll

c:\windows\system32\UACxukfuygujf.dll

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\system32\dllcache\proquota.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_AntipPro2009_100

-------\Service_AntipPro2009_100

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

2009-08-26 17:02 . 2009-08-26 16:59 3185359 ----a-r- C:\red.exe

2009-08-25 20:53 . 2009-08-25 20:54 -------- d-----w- C:\rsit

2009-08-23 19:56 . 2009-08-23 19:56 -------- d-----w- c:\program files\PELCO

2009-08-23 19:55 . 2009-08-23 19:55 660 ----a-w- c:\windows\unins000.dat

2009-08-23 19:55 . 2008-01-05 18:11 655360 ----a-w- c:\windows\system32\DX4X00_MPEG4.dll

2009-08-18 18:25 . 2008-04-13 23:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2009-08-18 18:24 . 2008-04-13 23:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2009-08-18 18:24 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2009-08-18 18:23 . 2008-04-13 17:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2009-08-18 18:23 . 2008-04-13 17:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-18 18:22 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2009-08-18 18:22 . 2008-04-13 17:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys

2009-08-18 18:20 . 2008-04-13 23:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe

2009-08-18 18:20 . 2008-04-13 17:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys

2009-08-18 18:18 . 2008-04-13 17:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys

2009-08-18 18:18 . 2008-04-13 17:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys

2009-08-18 18:18 . 2008-04-13 17:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys

2009-08-18 18:17 . 2008-04-13 17:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys

2009-08-18 18:16 . 2008-04-13 17:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys

2009-08-18 18:16 . 2008-04-13 23:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll

2009-08-18 18:16 . 2008-04-13 23:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll

2009-08-18 18:15 . 2008-04-13 17:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys

2009-08-18 18:15 . 2008-04-13 17:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

2009-08-18 18:15 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll

2009-08-18 18:15 . 2008-04-13 23:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll

2009-08-18 18:14 . 2008-04-13 17:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2009-08-18 18:14 . 2008-04-13 17:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys

2009-08-18 18:14 . 2008-04-13 23:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll

2009-08-18 18:14 . 2008-04-13 23:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll

2009-08-18 18:14 . 2008-04-13 17:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys

2009-08-18 18:14 . 2008-04-13 17:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys

2009-08-18 18:13 . 2008-04-13 17:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2009-08-18 18:13 . 2008-04-13 17:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys

2009-08-18 18:11 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2009-08-18 18:11 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2009-08-18 18:11 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys

2009-08-18 18:11 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2009-08-18 18:11 . 2008-04-13 17:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys

2009-08-18 18:10 . 2008-04-13 17:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys

2009-08-18 18:10 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2009-08-18 18:10 . 2008-04-13 23:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll

2009-08-18 18:10 . 2008-04-13 23:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll

2009-08-18 18:09 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2009-08-18 18:09 . 2008-04-13 23:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2009-08-18 18:09 . 2008-04-13 23:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2009-08-18 18:09 . 2008-04-13 17:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys

2009-08-18 18:08 . 2008-04-13 23:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2009-08-18 18:07 . 2008-04-13 17:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys

2009-08-18 18:07 . 2008-04-13 17:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys

2009-08-18 18:07 . 2008-04-13 17:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys

2009-08-18 18:07 . 2008-04-13 17:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys

2009-08-18 18:05 . 2008-04-13 17:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys

2009-08-18 18:05 . 2008-04-13 17:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2009-08-18 18:04 . 2008-04-13 23:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll

2009-08-18 18:03 . 2008-04-13 17:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys

2009-08-18 18:03 . 2008-04-13 17:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys

2009-08-18 18:03 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2009-08-18 18:03 . 2008-04-13 23:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll

2009-08-18 18:02 . 2008-04-13 17:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys

2009-08-18 18:02 . 2008-04-13 17:36 14208 ----a-w- c:\windows\system32\dllcache\battc.sys

2009-08-18 18:02 . 2008-04-13 17:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys

2009-08-18 18:02 . 2008-04-13 17:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys

2009-08-18 18:02 . 2008-04-13 17:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys

2009-08-18 18:02 . 2008-04-13 17:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys

2009-08-18 18:02 . 2008-04-13 17:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2009-08-18 17:32 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-18 17:32 . 2009-08-22 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-18 17:32 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-18 15:34 . 2009-08-18 15:35 -------- d-----w- C:\regfixes

2009-08-17 04:17 . 2009-08-22 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-14 22:05 . 2009-08-14 22:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera

2009-08-14 15:05 . 2009-08-14 15:05 -------- d-----w- c:\documents and settings\mike lawrence\Local Settings\Application Data\Opera

2009-08-14 15:05 . 2009-08-14 15:05 -------- d-----w- c:\program files\Opera

2009-08-11 00:49 . 2009-08-11 00:49 -------- d-----w- c:\documents and settings\mike lawrence\Application Data\AVG8

2009-08-10 02:32 . 2009-08-10 02:32 86928 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-10 02:22 . 2009-08-10 02:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-08-09 21:55 . 2009-08-09 21:55 20480 ----a-w- c:\windows\system32\UACivmlyhsatv.dll

2009-08-09 21:55 . 2009-08-09 21:55 18432 ----a-w- c:\windows\system32\UACfprgguymuw.dll

2009-08-09 21:55 . 2009-08-09 21:55 30208 ----a-w- c:\windows\system32\UACendfuiyiiu.dll

2009-08-09 21:55 . 2009-08-09 21:55 310 ----a-w- c:\windows\system32\UACkegxkorcyw.dat

2009-08-09 21:55 . 2009-08-27 23:48 74240 ----a-w- c:\windows\system32\UACkolflhywsk.dll

2009-08-09 21:55 . 2009-08-09 21:55 26624 ----a-w- c:\windows\system32\UACdsydmknanf.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 22:06 . 2009-03-02 09:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-23 19:56 . 2006-08-22 12:54 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-14 02:18 . 2007-08-31 07:53 -------- d-----w- c:\program files\CCleaner

2009-08-13 14:32 . 2006-08-22 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com

2009-08-10 16:15 . 2009-08-10 16:57 209228 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2009-08-05 15:56 . 2009-05-30 21:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-03 18:19 . 2007-05-28 02:37 -------- d-----w- c:\documents and settings\mike lawrence\Application Data\U3

2009-07-09 09:00 . 2009-07-09 08:11 -------- d-----w- c:\program files\Fire Undead Screensaver

2009-07-09 08:07 . 2009-07-09 08:07 -------- d-----w- c:\program files\3D-ScreenSaver-Download

2009-07-09 08:04 . 2009-07-09 08:04 -------- d-----w- c:\program files\Free Fire Screensaver

2009-07-09 08:03 . 2009-07-09 08:03 -------- d-----w- c:\documents and settings\mike lawrence\Application Data\Laconic Software

2009-07-09 07:43 . 2009-07-09 07:43 -------- d-----w- c:\program files\Advanced Circuits

2009-07-09 07:43 . 2009-07-09 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PCB Artist

2009-07-09 07:04 . 2009-07-09 07:04 -------- d-----w- c:\program files\Solve Elec 2.5

2009-07-07 06:11 . 2009-07-07 06:11 -------- d-----w- c:\program files\Free WMV to AVI MPEG Converter

2009-06-30 04:17 . 2009-06-30 04:10 -------- d-----w- c:\program files\Rigs of Rods 0.36.2

2009-06-30 04:09 . 2008-11-09 20:17 -------- d-----w- c:\program files\Rigs of Rods 0.35

2007-01-23 19:07 . 2007-06-10 02:31 1847296 -c--a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll

2006-08-27 02:36 . 2006-08-27 02:36 8 --sh--r- c:\windows\system32\176A27136A.sys

2009-05-26 20:52 . 2006-08-27 02:36 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MskService"=2 (0x2)

"MpfService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McShield"=2 (0x2)

"McDetect.exe"=2 (0x2)

"CSIScanner"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\mike lawrence\\Desktop\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"c:\\Documents and Settings\\mike lawrence\\Desktop\\Macromedia\\FreeHand MX\\FreeHand MX.exe"=

"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=

"c:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/30/2009 4:41 Afternoon 108289]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 Afternoon 29263712]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/22/2009 1:23 Afternoon 24652]

S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 Afternoon 30312]

S3 cpuz130;cpuz130;\??\c:\docume~1\MIKELA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MIKELA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]

S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;c:\windows\system32\DRIVERS\dvc325.sys --> c:\windows\system32\DRIVERS\dvc325.sys [?]

S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [3/13/2006 2:59 Afternoon 4736]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [3/13/2006 2:59 Afternoon 8960]

S3 VtcDrv;Philips SA52xx Recovery Device;c:\windows\system32\drivers\vtcdrv.sys [2/28/2009 1:24 Morning 18560]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page =

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {41293422-93FD-443C-B848-E07EDBF866C3} - hxxp://216.159.150.36/BWT/sources/AXClient.cab

DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab

FF - ProfilePath - c:\documents and settings\mike lawrence\Application Data\Mozilla\Firefox\Profiles\8mhlfeb4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.ftp - 173.26.135.28

FF - prefs.js: network.proxy.ftp_port - 81

FF - prefs.js: network.proxy.gopher - 173.26.135.28

FF - prefs.js: network.proxy.gopher_port - 81

FF - prefs.js: network.proxy.http - 173.26.135.28

FF - prefs.js: network.proxy.http_port - 81

FF - prefs.js: network.proxy.socks - 173.26.135.28

FF - prefs.js: network.proxy.socks_port - 81

FF - prefs.js: network.proxy.ssl - 173.26.135.28

FF - prefs.js: network.proxy.ssl_port - 81

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvbplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvbwmplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-28 13:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETrgbobvpa]

"imagepath"="\systemroot\system32\drivers\SKYNETljrbjawb.sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETrgbobvpa]

@DACL=(02 0000)

"start"=dword:00000001

"type"=dword:00000001

"group"="file system"

"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETljrbjawb.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)

c:\windows\system32\MSVCRT40.dll

- - - - - - - > 'explorer.exe'(444)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\netdde.exe

c:\windows\system32\msdtc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

c:\windows\system32\dllhost.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTSVCCDA.EXE

c:\windows\system32\gearsec.exe

c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft Office\Office12\GrooveAuditService.exe

c:\windows\system32\msiexec.exe

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

c:\windows\system32\sessmgr.exe

c:\windows\system32\locator.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\dllhost.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\tlntsvr.exe

c:\windows\system32\vssvc.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2009-08-28 13:17 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-28 18:17

Pre-Run: 145,597,169,664 bytes free

Post-Run: 145,448,468,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

399 --- E O F --- 2009-03-24 05:11
