Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


HELP! Computer infected


Re: HELP! Computer infected

Post by Axephilic » November 21st, 2008, 9:04 pm

OK, let's just leave HijackThis for now. Do you still have ComboFix on your desktop? Or is that gone from when you did the System Restore?

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Regards,
Adam

Re: HELP! Computer infected

Post by kiyt13 » November 21st, 2008, 9:19 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jarett at 2008-11-21 20:10:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (67%) free of 54 GB
Total RAM: 894 MB (33% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C1AA693-0D8B-0199-BDC4-EF0C72CB10FA}]
adsoftinc browser enhancer - C:\WINDOWS\system32\xqbtwuobfynmqnflm.dll [2008-11-20 325632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"emMON"=C:\WINDOWS\emMON.exe [2006-05-30 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"prunnet"=C:\WINDOWS\system32\prun.exe [2008-11-09 34816]
"iesvcmon"=C:\WINDOWS\system32\iesvcmon.exe [2008-11-19 465920]
"zvvaqgioovjiesmyv"=C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"prunnet"=C:\WINDOWS\system32\prun.exe [2008-11-09 34816]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-11-19 35840]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-21 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-08-23 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe [2006-11-17 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-02-18 206184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
C:\PROGRA~1\CISCOS~1\CLEANA~1\CCAAGE~1.EXE [2007-12-07 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jarett^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2006-12-06 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-23 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{147b81c0-c30a-11dc-9394-0015c5c37754}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57221c32-d697-11dc-93a8-0015c5c37754}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abbff808-1efa-11dd-93fb-0015c5c37754}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9ed79e-eb01-11dc-93c1-0015c5c37754}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2008-11-21 20:10:22 ----D---- C:\rsit
2008-11-21 18:01:52 ----D---- C:\WINDOWS\LastGood
2008-11-19 19:45:40 ----A---- C:\WINDOWS\system32\wini10894.exe
2008-11-19 19:41:18 ----A---- C:\WINDOWS\brastk.exe
2008-11-19 19:38:53 ----A---- C:\WINDOWS\system32\TDSSahvw.dll
2008-11-19 19:38:52 ----A---- C:\WINDOWS\system32\TDSSpuaq.dll
2008-11-19 19:38:51 ----A---- C:\WINDOWS\system32\TDSSurgi.dll
2008-11-19 19:38:51 ----A---- C:\WINDOWS\system32\TDSSckve.dll
2008-11-19 19:38:48 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-19 19:38:46 ----A---- C:\WINDOWS\system32\TDSSedwv.dll
2008-11-19 19:28:32 ----SHD---- C:\RECYCLER
2008-11-19 19:15:15 ----A---- C:\ComboFix.txt
2008-11-19 18:54:56 ----A---- C:\Boot.bak
2008-11-19 18:54:44 ----RASHD---- C:\cmdcons
2008-11-19 18:52:36 ----A---- C:\WINDOWS\zip.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\VFIND.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\SWSC.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\SWREG.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\sed.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\grep.exe
2008-11-19 18:52:36 ----A---- C:\WINDOWS\fdsv.exe
2008-11-19 18:52:20 ----D---- C:\WINDOWS\ERDNT
2008-11-19 18:52:20 ----D---- C:\Qoobox
2008-11-19 18:52:18 ----D---- C:\ComboFix
2008-11-19 17:08:41 ----A---- C:\WINDOWS\system32\cont_adsoftinc-remove.exe
2008-11-19 17:08:32 ----A---- C:\WINDOWS\system32\gnqwbysrhk.exe
2008-11-19 17:08:19 ----A---- C:\WINDOWS\system32\iesvcmon.exe
2008-11-16 00:29:10 ----D---- C:\Program Files\Trend Micro
2008-11-11 21:19:51 ----SHD---- C:\Config.Msi
2008-11-11 21:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 19:22:33 ----D---- C:\Program Files\AV9
2008-11-09 19:22:31 ----D---- C:\Program Files\Webtools
2008-11-09 19:19:11 ----A---- C:\WINDOWS\system32\uqypok.dll
2008-11-09 19:19:11 ----A---- C:\WINDOWS\system32\qigap.com
2008-11-09 19:19:11 ----A---- C:\WINDOWS\system32\kymuqefi.bat
2008-11-09 19:19:11 ----A---- C:\WINDOWS\system32\debytat.com
2008-11-09 19:19:11 ----A---- C:\Documents and Settings\Jarett\Application Data\liko.dll
2008-11-09 19:19:11 ----A---- C:\Documents and Settings\All Users\Application Data\ypyxamapo.vbs
2008-11-09 14:47:36 ----D---- C:\WINDOWS\Minidump
2008-11-09 14:39:57 ----A---- C:\WINDOWS\system32\TDSSlxwp.dll
2008-11-09 14:39:55 ----A---- C:\WINDOWS\system32\TDSSxfum.dll
2008-11-09 14:39:39 ----A---- C:\WINDOWS\system32\TDSSoiqh.dll
2008-11-09 14:38:55 ----A---- C:\WINDOWS\system32\mkrnl.exe
2008-11-09 14:38:32 ----D---- C:\Documents and Settings\Jarett\Application Data\NI.GSCNS
2008-11-09 14:38:22 ----D---- C:\WINDOWS\system32\sX3i19
2008-11-09 14:38:18 ----D---- C:\Temp
2008-11-09 14:38:01 ----A---- C:\WINDOWS\system32\prun.exe
2008-11-06 22:52:58 ----D---- C:\Program Files\MSECache
2008-11-06 22:51:54 ----A---- C:\FileFormatConverters.exe
2008-11-02 14:35:13 ----D---- C:\Program Files\uTorrent
2008-11-02 14:35:07 ----D---- C:\Documents and Settings\Jarett\Application Data\uTorrent
2008-11-02 11:09:47 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-02 11:09:02 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-02 11:08:24 ----D---- C:\WINDOWS\SHELLNEW
2008-11-02 11:07:24 ----D---- C:\Program Files\Microsoft.NET
2008-11-02 11:05:21 ----RHD---- C:\MSOCache
2008-10-30 11:24:26 ----A---- C:\WINDOWS\system32\xqbtwuobfynmqnflm.dll
2008-10-28 10:20:32 ----A---- C:\WINDOWS\system32\nspF.dll
2008-10-26 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-21 19:26:43 ----D---- C:\Program Files\Mozilla Firefox
2008-11-21 18:02:08 ----D---- C:\WINDOWS\system32\dllcache
2008-11-21 18:02:04 ----D---- C:\WINDOWS\Temp
2008-11-21 18:02:03 ----D---- C:\WINDOWS\system32
2008-11-21 18:02:01 ----HD---- C:\WINDOWS\inf
2008-11-21 18:02:01 ----D---- C:\WINDOWS\Help
2008-11-21 18:01:52 ----D---- C:\WINDOWS
2008-11-21 18:01:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 17:32:35 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-11-20 22:04:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-20 21:44:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-20 21:21:24 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-19 20:12:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-19 19:37:17 ----D---- C:\WINDOWS\Prefetch
2008-11-19 19:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-19 19:10:52 ----A---- C:\WINDOWS\system.ini
2008-11-19 19:08:44 ----D---- C:\WINDOWS\system32\config
2008-11-19 19:04:31 ----D---- C:\Program Files\Common Files
2008-11-19 19:04:30 ----D---- C:\WINDOWS\AppPatch
2008-11-19 18:58:32 ----D---- C:\Program Files
2008-11-19 18:54:56 ----RASH---- C:\boot.ini
2008-11-17 20:55:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-15 20:41:13 ----D---- C:\WINDOWS\Registration
2008-11-11 21:22:31 ----D---- C:\Documents and Settings\Jarett\Application Data\HP
2008-11-11 21:20:42 ----SHD---- C:\WINDOWS\Installer
2008-11-11 21:06:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-11 21:06:57 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 21:05:41 ----D---- C:\WINDOWS\WinSxS
2008-11-11 20:44:34 ----D---- C:\QUARANTINE
2008-11-07 20:47:17 ----D---- C:\Documents and Settings\Jarett\Application Data\AdobeUM
2008-11-06 22:53:30 ----RSD---- C:\WINDOWS\Fonts
2008-11-06 22:53:19 ----D---- C:\Program Files\Microsoft Office
2008-11-06 22:53:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-06 22:07:17 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-02 11:11:27 ----AC---- C:\WINDOWS\ODBC.INI
2008-11-02 11:10:57 ----RSD---- C:\WINDOWS\assembly
2008-11-02 11:10:41 ----A---- C:\WINDOWS\win.ini
2008-11-02 11:08:28 ----D---- C:\Program Files\Common Files\System
2008-11-02 11:05:30 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-13 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-23 1681920]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-15 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 10912219;10912219; C:\WINDOWS\System32\drivers\10912219.sys []
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;USB 2820 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 292864]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-21 7168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-09-23 401408]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-23 380928]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.04 2008-11-21 20:10:26

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AIM 6-->C:\Program Files\AIM6\uninst.exe
AMD Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Catalyst Control Center-->MsiExec.exe /I{AC6AE077-1566-4655-BE73-38A869C150DC}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Cisco Clean Access Agent-->MsiExec.exe /X{04010300-6D72-4D54-8686-91D884A27B5C}
Cisco Clean Access Agent-->MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Contextual Tool Adsoftinc-->C:\WINDOWS\system32\cont_adsoftinc-remove.exe
Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DPS-->"C:\WINDOWS\system32\iesvcmon.exe" -u
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet 8.0 Software-->C:\Program Files\HP\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe -datfile hphscr13.dat -showdisconnect -forcereboot
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OIN Analytics-->C:\Program Files\OINAnalytics\Uninstall.exe
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RON Tool Adsoftinc-->C:\WINDOWS\system32\gnqwbysrhk.exe
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
kiyt13
Active Member
 
Posts: 10
Joined: November 16th, 2008, 1:44 am

Re: HELP! Computer infected

Unread postby Axephilic » November 22nd, 2008, 1:29 pm

Hello,

  1. Please download OTMoveIt3.exe from Geeks to Go and save it to your desktop.
  2. Double click on OTMoveIt3.exe to run it.
  3. Please copy and paste the following in the Code box into OTMoveIt3 (1).

    Warning: Do not type it out to prevent any typo errors and damaging your machine.

    Code:
    :Services
    10912219
    
    :Files
    C:\WINDOWS\system32\wini10894.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\TDSSahvw.dll
    C:\WINDOWS\system32\TDSSpuaq.dll
    C:\WINDOWS\system32\TDSSurgi.dll
    C:\WINDOWS\system32\TDSSckve.dll
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\TDSSedwv.dll
    C:\WINDOWS\system32\cont_adsoftinc-remove.exe
    C:\WINDOWS\system32\gnqwbysrhk.exe
    C:\WINDOWS\system32\iesvcmon.exe
    C:\Program Files\AV9
    C:\Program Files\Webtools
    C:\WINDOWS\system32\uqypok.dll
    C:\WINDOWS\system32\qigap.com
    C:\WINDOWS\system32\kymuqefi.bat
    C:\WINDOWS\system32\debytat.com
    C:\Documents and Settings\Jarett\Application Data\liko.dll
    C:\Documents and Settings\All Users\Application Data\ypyxamapo.vbs
    C:\WINDOWS\system32\TDSSlxwp.dll
    C:\WINDOWS\system32\TDSSxfum.dll
    C:\WINDOWS\system32\TDSSoiqh.dll
    C:\WINDOWS\system32\mkrnl.exe
    C:\Documents and Settings\Jarett\Application Data\NI.GSCNS
    C:\WINDOWS\system32\sX3i19
    C:\WINDOWS\system32\prun.exe
    C:\Program Files\uTorrent
    C:\Documents and Settings\Jarett\Application Data\uTorrent
    C:\WINDOWS\system32\xqbtwuobfynmqnflm.dll
    C:\WINDOWS\system32\nspF.dll
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C1AA693-0D8B-0199-BDC4-EF0C72CB10FA}]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "prunnet"=-
    "iesvcmon"=-
    "zvvaqgioovjiesmyv"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "prunnet"=-
    "brastk"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Blubster\Blubster.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    :Commands
    [EmptyTemp]
    [Reboot]


    Please refer to this image to use OTMoveIt3.


  4. Click on MoveIt! (2)
  5. Click Exit (3) when done.


Run GMER
Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.


In your next reply, please include:
  1. OTMoveIt3 log
  2. GMER log
  3. Try and run HijackThis again after restarting and make a new log if it will run

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
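Before a fix script like the one in the post above is pasted into a removal tool, it can be read back as a list of intended actions. The following is an added example, not part of Adam's post or of OTMoveIt3: it assumes the `:Reg` section follows standard .reg syntax, the function names are hypothetical, and the inputs are constructed excerpts of the script and of the uninstall list posted earlier in this thread.

```python
import re

# Constructed excerpts of the fix script and the uninstall list shown in this thread.
SCRIPT = r'''
:Files
C:\WINDOWS\system32\gnqwbysrhk.exe
C:\Program Files\AV9

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C1AA693-0D8B-0199-BDC4-EF0C72CB10FA}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"prunnet"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
'''
UNINSTALL = r'''RON Tool Adsoftinc-->C:\WINDOWS\system32\gnqwbysrhk.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe'''

def split_sections(script):
    """Group non-blank lines under their ':Section' header (lower-cased)."""
    sections, current = {}, None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def reg_actions(reg_lines):
    """Classify :Reg lines as (action, key, value_name); assumes .reg syntax."""
    actions, key = [], None
    for line in reg_lines:
        if line.startswith("[-"):            # [-KEY] deletes the whole key
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("["):           # [KEY] opens a key for value edits
            key = line[1:-1]
        else:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m and key:                    # "name"=- deletes; anything else sets
                verb = "delete_value" if m.group(2) == "-" else "set_value"
                actions.append((verb, key, m.group(1)))
    return actions

def uninstall_entries_hit(uninstall_log, file_targets):
    """Names of uninstall entries whose command is a file the script removes."""
    targets = {t.lower() for t in file_targets}
    pairs = (line.partition("-->") for line in uninstall_log.splitlines())
    return [name for name, _, cmd in pairs if cmd.strip().strip('"').lower() in targets]
```

On the excerpts, the listing separates one key deletion, one value deletion and one value that is set to empty rather than deleted, and it shows that the "RON Tool Adsoftinc" uninstall entry points at a file listed under `:Files`.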

Re: HELP! Computer infected

Unread postby Axephilic » November 25th, 2008, 4:39 pm

Hello,

THREE DAY BUMP!

It has been three days since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?

If after 48 hours you have not replied to this thread, then it will have to be closed!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: HELP! Computer infected

Unread postby Shaba » November 28th, 2008, 1:58 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland