Bot infection, multiple viruses


Post by ihisatsu » August 9th, 2010, 9:04 pm

Due to a BSOD, my previous post was archived when I couldn't check/respond to my replier. Long story shortened, my 10y/o daughter went exploring Dora-style and infected my PC with a multitude of viruses and some kind of un-killable bot which, I believe, caused my computer to crash, along with making my internet connection stutter, which caused my Internet Provider to threaten to cancel my contract due to complaints of mass mailing (if I understood their message correctly). When my connection stutters, every computer/wireless-enabled device has the same disconnect issues. Please help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:51:05 PM, on 8/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedUI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] "C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MyGarminAgent] "C:\Program Files\Garmin\MyGarminAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51528C4F-16C1-4022-82DB-286A6F480975}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11877 bytes

7-Zip 4.61 beta
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
aiofw
aioocr
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AviSynth 2.5
Barnyard Invasion
Big Fish Games: Game Manager
Bonjour
CCleaner
CCScore
CDisplay 1.8
center
Compatibility Pack for the 2007 Office system
Data Lifeguard Diagnostic for Windows
Diablo II
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Manager 2.3.7
Drivers Install For Linksys Easylink Advisor
DVD Album 1.2.1
DVD Profiler Version 3.6.1
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Express Burn
FBReader for Windows XP
FlashCatch
Garmin City Navigator North America NT 2010.40
Garmin Communicator Plugin
Garmin Communicator Plugin with myGarmin Agent
Garmin USB Drivers
GoGear VIBE Device Manager
Google Apps
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Help_CTR
helptut
helpug
Hero Editor V0.96
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Update
ImgBurn
Impulse
Impulse
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 18
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Kodak EasyShare software
ksdip
LabelPrint
LeapFrog Connect
LeapFrog Connect
LeapFrog Didj Plugin
LightScribe System Software 1.10.23.1
LightScribeTemplateLabeler
Linksys EasyLink Advisor 1.6 (0044)
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Research AutoCollage 2008 version 1.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mobile Mouse Server
MobileMe Control Panel
Motorola Phone Tools
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
netbrdg
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX v8.09.04
ObjectDock Plus
ObjectDock Plus 2
OfotoXMI
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Peggle World of Warcraft Edition
PFConfig 1.0.163
Picasa 3
PVSonyDll
Python 2.5
QuickTime
RAM Defrag (remove only)
Realtek High Definition Audio Driver
RecipeMaster
Remote Control USB Driver
Revo Uninstaller Pro 2.2.3
Rhapsody
Rhapsody Player Engine
Right of Way
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
SFR
SHASTA
Signal
skin0001
SKINXSDK
Skype™ 4.0
Soft Data Fax Modem with SmartCP
Sophos Anti-Rootkit 1.5.4
SpeechRedist
Stanza
Star Trek Voyager Elite Force
Stardock MyColors
Stardock MyColors
staticcr
System Requirements Lab
Torchlight
Trend Micro RUBotted
Unreal Tournament 2004
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6d
Vista Codec Package
VLC Connection Utility 2.01
VLC iPhone Connection Utility
VLC iPhone Connection Utility
VPRINTOL
WavePad Sound Editor
WeatherBug Gadget
Webroot Software
Webroot Software
WildTangent Games
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1 beta5
WinRAR archiver
WIRELESS
World of Warcraft
Z Engine
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut
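Added example, not the forum's own tool and not part of HijackThis: a small Python triage script for the HijackThis v2 log layout posted above. It groups the finding lines by code, parses the O4, O17, O20 and O23 forms, and lists the entries a helper usually checks first; the sample lines and the trusted_dns value are constructed assumptions for the demo.

```python
"""Triage a HijackThis v2 log (added example; not a MalwareRemoval.com or Trend Micro tool)."""
import re
from collections import defaultdict

# Every HijackThis finding starts "Rn - ", "Fn - " or "On - "; the header and process list do not.
_ENTRY = re.compile(r'^([RFO]\d{1,2}) - (.*)$')
# O4 Run-key form:        HKLM\..\Run: [Name] "C:\path\prog.exe" /args
_O4_RUN = re.compile(r'^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 Startup-folder form: Global Startup: Name.lnk = C:\path\prog.exe   (or "= ?" if unresolved)
_O4_LNK = re.compile(r'^(?P<where>.+?): (?P<name>.+?) = (?P<cmd>.*)$')
# O23 form: Service: Display Name (ShortName) - Company - C:\path\svc.exe
_O23 = re.compile(r'^Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$')
# O17 form: HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4,5.6.7.8
_O17 = re.compile(r'NameServer = (?P<servers>[\d.,]+)')


def parse_log(text):
    """Group finding bodies by their HijackThis code, e.g. {"O4": [...], "O23": [...]}."""
    findings = defaultdict(list)
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            findings[m.group(1)].append(m.group(2))
    return findings


def autostarts(findings):
    """O4 entries as (location, name, command) for both Run keys and Startup shortcuts."""
    out = []
    for body in findings.get("O4", []):
        m = _O4_RUN.match(body) or _O4_LNK.match(body)
        if m:
            out.append((m["where"], m["name"], m["cmd"]))
    return out


def services(findings):
    """O23 entries as (display name, company, image path).

    The path is matched greedily, so a ' - ' inside the path is not taken for a separator."""
    out = []
    for body in findings.get("O23", []):
        m = _O23.match(body)
        if m:
            out.append((m["display"], m["company"], m["path"]))
    return out


def nameservers(findings):
    """Every DNS server address listed in O17 lines, in log order."""
    servers = []
    for body in findings.get("O17", []):
        m = _O17.search(body)
        if m:
            servers.extend(m["servers"].split(","))
    return servers


def triage(text, trusted_dns=()):
    """Return (code, note) pairs a helper would want to look at first.

    trusted_dns is an assumption the caller supplies (the resolvers the ISP or router
    normally hands out); the log alone cannot say which O17 addresses are expected."""
    f = parse_log(text)
    notes = []
    for body in f.get("O20", []):
        # AppInit_DLLs are loaded into every process that maps user32.dll, so any entry
        # here deserves a publisher check even when it turns out to be legitimate.
        notes.append(("O20", "AppInit_DLLs entry loads into every GUI process: " + body))
    for display, company, path in services(f):
        if company == "Unknown owner":
            notes.append(("O23", f"service '{display}' has no publisher information: {path}"))
    for server in nameservers(f):
        if trusted_dns and server not in trusted_dns:
            notes.append(("O17", f"DNS server {server} is not one of the expected resolvers"))
    for where, name, cmd in autostarts(f):
        if cmd == "?":
            notes.append(("O4", f"startup shortcut '{name}' in {where} has no resolvable target"))
    return notes


# Constructed sample: a handful of lines in the exact HijackThis layout, not a full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{51528C4F-16C1-4022-82DB-286A6F480975}: NameServer = 205.171.3.65,205.171.2.65
O20 - AppInit_DLLs: c:\progra~1\google\go333c~1\goec62~1.dll
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
"""

if __name__ == "__main__":
    # Treating the first O17 address as the expected resolver is an assumption for the demo.
    for code, note in triage(SAMPLE_LOG, trusted_dns=("205.171.3.65",)):
        print(f"[{code}] {note}")
```

The notes are pointers for a human reviewer, not verdicts; every entry on this page's log that the script would list is also a common legitimate product, which is exactly why the helper asks for more logs before acting.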

Re: Bot infection, multiple viruses

Post by MWR 3 day Mod » August 13th, 2010, 1:26 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Bot infection, multiple viruses

Post by jmw3 » August 14th, 2010, 9:46 pm

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Random's System Information Tool (RSIT)
Download Random's System Information Tool (RSIT) by random/random from Here & save it to your desktop.
  • Right click on RSIT.exe then choose Run as Administrator to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
If info.txt does not minimise to the Task Bar, you will find it in C:\rsit

Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Right click the .exe file then choose Run as Administrator to run the tool. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run a scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of log.txt
Contents of info.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Post by ihisatsu » August 15th, 2010, 4:13 pm

will post when complete.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Post by jmw3 » August 15th, 2010, 7:28 pm

OK, thanks
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Post by ihisatsu » August 16th, 2010, 4:20 pm

info.txt logfile of random's system information tool 1.08 2010-08-15 13:24:27

======Uninstall list======

-->"C:\Program Files\WildGames\Crazy Chicken Pinball\uninstall\uninstaller.exe"
-->"C:\Program Files\WildGames\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
-->"C:\Program Files\WildGames\Spellagories\Uninstall.exe"
-->"C:\Program Files\WildGames\Wild West Billy\Uninstall.exe"
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
7-Zip 4.61 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
aiofw-->MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083}
aioocr-->MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048}
aioprnt-->MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655}
aioscnnr-->MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D}
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Barnyard Invasion-->"C:\Program Files\WildGames\Barnyard Invasion\uninstall\uninstaller.exe"
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
center-->MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Album 1.2.1-->"C:\Program Files\DVD Album\unins000.exe"
DVD Profiler Version 3.6.1-->"C:\Program Files\DVD Profiler\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FBReader for Windows XP-->"C:\Program Files\FBReader\uninstall.exe"
FlashCatch-->"C:\Program Files\FlashCatch\unins000.exe"
Garmin City Navigator North America NT 2010.40-->MsiExec.exe /X{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}
Garmin Communicator Plugin with myGarmin Agent-->MsiExec.exe /X{9D809E65-2088-4367-A169-D6DDDA78D6C6}
Garmin Communicator Plugin-->MsiExec.exe /X{C7DD94A8-F775-426C-B56C-8E555A59F9E2}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
GoGear VIBE Device Manager-->C:\Program Files\InstallShield Installation Information\{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Apps-->MsiExec.exe /I{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Help_CTR-->MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}
helptut-->MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3}
helpug-->MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Impulse-->"C:\ProgramData\{559CD377-B28F-4085-9BFD-A7569B14F947}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{559CD377-B28F-4085-9BFD-A7569B14F947}\Impulse_setup.exe
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_2ee2107a\Setup.exe /APR-REMOVE
ksdip-->MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{CF055C57-A988-42E6-BDAF-E3D94C6973A8}
LeapFrog Didj Plugin-->MsiExec.exe /X{E1521F97-FDA4-460A-8A51-0F512552E42A}
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Converter for Philips-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Research AutoCollage 2008 version 1.1-->MsiExec.exe /I{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mobile Mouse Server-->MsiExec.exe /I{F87F2E18-4720-4F97-B3E5-E930D649D92B}
MobileMe Control Panel-->MsiExec.exe /I{51F96AEC-D902-4434-A0DC-B9692A21AE7C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
ObjectDock Plus 2-->"C:\Program Files\Stardock\ObjectDockPlus2\UninstHelper.exe" /autouninstall objectdockplus2
ObjectDock Plus-->"C:\Program Files\Stardock\ObjectDock\UninstHelper.exe" /autouninstall odp
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Peggle World of Warcraft Edition-->C:\Program Files\PopCap Games\Peggle World of Warcraft Edition\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle World of Warcraft Edition\Install.log"
PFConfig 1.0.163-->C:\Program Files\PFConfig\uninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RecipeMaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E5528BD-5079-4B7C-802C-80F9623F9846}\setup.exe" -l0x9
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Revo Uninstaller Pro 2.2.3-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Right of Way-->C:\Windows\IsUninst.exe -f"C:\Program Files\DejaVu Software, Inc.\Right of Way\Uninst.isu"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Signal-->C:\Program Files\Signal\Uninstall.exe
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sophos Anti-Rootkit 1.5.4-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Stanza-->"C:\Program Files\Stanza\uninstall.exe"
Star Trek Voyager Elite Force-->C:\Windows\IsUninst.exe -f"C:\Program Files\Raven\Star Trek Voyager Elite Force\Ef.isu"
Stardock MyColors-->"C:\ProgramData\{358E2726-5129-4614-9175-3CAA96153DFA}\MyColors.exe" REMOVE=TRUE MODIFY=FALSE
Stardock MyColors-->C:\ProgramData\{358E2726-5129-4614-9175-3CAA96153DFA}\MyColors.exe
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Torchlight-->C:\Program Files\Runic Games\Torchlight\uninstall.exe
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Unreal Tournament 2004-->C:\UT2004\System\Setup.exe uninstall "UT2004"
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC Connection Utility 2.01-->"C:\Program Files\Hobbyist Software\VLC Connection Utility\unins000.exe"
VLC iPhone Connection Utility-->MsiExec.exe /I{1E2C3040-1331-4561-BAED-3A4A5E645D61}
VLC iPhone Connection Utility-->MsiExec.exe /I{7C84E006-D044-4441-A294-E318B147476C}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Webroot Software-->"C:\ProgramData\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe" REMOVE=TRUE MODIFY=FALSE
Webroot Software-->C:\ProgramData\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe
WildTangent Games-->"C:\Program Files\WildGames\Uninstall.exe"
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_0efc767c\grmnusb.inf
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
Z Engine-->MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======Security center information======

AS: Windows Defender

=====Application event log=====

Computer Name: Adam-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 491
Source Name: Microsoft-Windows-Search
Time Written: 20081128020250.000000-000
Event Type: Warning
User:

Computer Name: Adam-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1685170627-3577132848-81057928-1000:
Process 556 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1685170627-3577132848-81057928-1000

Record Number: 469
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081128020002.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Adam-PC
Event Code: 1000
Message: Faulting application SYMCUW.exe, version 8.0.0.103, time stamp 0x46cea71a, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000008, fault offset 0x00074c53, process id 0x4b0, application start time 0x01c950fadcbe1437.
Record Number: 460
Source Name: Application Error
Time Written: 20081128015251.000000-000
Event Type: Error
User:

Computer Name: Adam-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 402
Source Name: Microsoft-Windows-Search
Time Written: 20081128022038.000000-000
Event Type: Warning
User:

Computer Name: WIN-OVWOPS1NA8Q
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 380
Source Name: Microsoft-Windows-WMI
Time Written: 20080505215053.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Adam-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fa4fa72
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: DARCNISS-PC
Source Network Address: 192.168.1.101
Source Port: 50093

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 82378
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108033902.498000-000
Event Type: Audit Success
User:

Computer Name: Adam-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fa4f83a
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: DARCNISS-PC
Source Network Address: 192.168.1.101
Source Port: 50092

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 82377
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108033902.175000-000
Event Type: Audit Success
User:

Computer Name: Adam-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fa3de2f

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 82376
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108033247.481000-000
Event Type: Audit Success
User:

Computer Name: Adam-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fa3de22

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 82375
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108033247.478000-000
Event Type: Audit Success
User:

Computer Name: Adam-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1fa3de2f
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: DARCNISS-PC
Source Network Address: 192.168.1.101
Source Port: 50076

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 82374
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108033236.861000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7f02
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Presario
"OnlineServices"=Online Services
"KDS_LANGUAGE"=13
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Adam at 2010-08-15 13:24:14
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 88 GB (38%) free of 229 GB
Total RAM: 2046 MB (40% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\EasyShare Registration Task.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000UA.job
C:\Windows\tasks\HPCeeScheduleForAdam.job
C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-14 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10CECF4F-A96E-4803-8AC2-F565FB29FF47} - FlashCatch - C:\Program Files\FlashCatch\flashcatch.dll [2009-10-16 1474792]
{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files\LastPass\LPBar.dll [2010-02-18 1054920]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"EKIJ5000StatusMonitor"=C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-07-31 1626112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 1468296]
"MyGarminAgent"=C:\Program Files\Garmin\MyGarminAgent.exe [2009-06-17 331776]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-23 30192]
"WebrootTrayApp"=C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe [2010-07-19 1266336]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 39408]
"Google Update"=C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-07-31 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2008-11-25 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2010-04-03 13683816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2010-04-03 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
C:\Windows\system32\msfeedssync.exe [2010-05-03 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-05-18 322352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe

C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\google\go333c~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll [2010-03-24 511344]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\khfDwvWq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-15 13:24:14 ----D---- C:\rsit
2010-08-12 13:27:59 ----SHD---- C:\Config.Msi
2010-07-31 19:05:31 ----ASH---- C:\hiberfil.sys
2010-07-31 15:55:21 ----A---- C:\Windows\system32\imageres.dll
2010-07-31 15:49:51 ----DC---- C:\ProgramData\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
2010-07-29 21:12:54 ----D---- C:\AdobeTemp
2010-07-29 12:17:08 ----A---- C:\Windows\system32\drivers\revoflt.sys
2010-07-29 12:17:03 ----D---- C:\Program Files\VS Revo Group
2010-07-28 17:56:26 ----A---- C:\Windows\Luxor Quest for the Afterlife Uninstall Log.txt
2010-07-28 17:50:22 ----D---- C:\Program Files\Sophos
2010-07-28 17:38:50 ----A---- C:\TDSSKiller.2.4.0.0_28.07.2010_17.38.50_log.txt
2010-07-28 17:33:56 ----A---- C:\TDSSKiller.2.4.0.0_28.07.2010_17.33.56_log.txt
2010-07-27 13:36:34 ----D---- C:\TDSSKiller_Quarantine
2010-07-27 13:34:54 ----A---- C:\TDSSKiller.2.4.0.0_27.07.2010_13.34.54_log.txt
2010-07-27 13:05:00 ----A---- C:\Windows\system32\drivers\TMPassthru.sys
2010-07-27 13:03:54 ----D---- C:\Program Files\Trend Micro
2010-07-26 23:08:37 ----D---- C:\Users\Adam\AppData\Roaming\Malwarebytes
2010-07-26 23:08:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-26 23:08:20 ----D---- C:\ProgramData\Malwarebytes
2010-07-26 23:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-26 23:08:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-26 22:09:37 ----A---- C:\TDSSKiller.2.4.0.0_26.07.2010_22.09.37_log.txt
2010-07-26 21:39:05 ----A---- C:\TDSSKiller.2.4.0.0_26.07.2010_21.39.05_log.txt
2010-07-25 11:45:35 ----A---- C:\Windows\system32\wrLZMA.dll
2010-07-25 11:45:35 ----A---- C:\Windows\system32\SsiEfr.exe
2010-07-25 11:45:34 ----A---- C:\Windows\system32\drivers\ssfmonm.sys
2010-07-25 11:36:04 ----HDC---- C:\ProgramData\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-25 11:35:02 ----D---- C:\ProgramData\webroot
2010-07-22 12:00:54 ----A---- C:\Windows\system32\drivers\jcbggfvh.sys
2010-07-22 12:00:53 ----D---- C:\ProgramData\Update
2010-07-22 12:00:53 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-08-15 13:23:57 ----D---- C:\Windows\Prefetch
2010-08-15 13:23:56 ----D---- C:\Windows\Temp
2010-08-15 11:05:10 ----D---- C:\Windows\Tasks
2010-08-15 00:00:40 ----SHD---- C:\System Volume Information
2010-08-12 18:38:31 ----D---- C:\Program Files
2010-08-12 18:38:01 ----SHD---- C:\Windows\Installer
2010-08-12 18:37:52 ----D---- C:\Program Files\Common Files\System
2010-08-12 18:37:09 ----D---- C:\Program Files\Microsoft
2010-08-12 17:17:54 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 17:17:52 ----RSD---- C:\Windows\assembly
2010-08-12 17:17:16 ----SD---- C:\ProgramData\Microsoft
2010-08-12 17:17:16 ----D---- C:\Program Files\Microsoft.NET
2010-08-12 17:17:16 ----D---- C:\Program Files\Microsoft Office
2010-08-12 17:17:16 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-12 17:17:15 ----D---- C:\Windows\System32
2010-08-12 17:17:13 ----D---- C:\Program Files\Common Files\DESIGNER
2010-08-12 17:17:06 ----D---- C:\Windows\ShellNew
2010-08-12 17:16:39 ----D---- C:\Program Files\MSBuild
2010-08-12 17:16:24 ----RSD---- C:\Windows\Fonts
2010-08-12 13:29:47 ----A---- C:\Windows\win.ini
2010-08-09 20:09:55 ----D---- C:\Windows\system32\config
2010-08-09 20:09:49 ----D---- C:\Windows\system32\Tasks
2010-08-09 20:09:49 ----D---- C:\Windows\system32\spool
2010-08-09 20:09:49 ----D---- C:\Windows\system32\Msdtc
2010-08-09 20:09:49 ----D---- C:\Windows\system32\drivers
2010-08-09 20:09:49 ----D---- C:\Windows\system32\catroot2
2010-08-09 20:09:49 ----D---- C:\Windows
2010-08-09 20:09:48 ----HD---- C:\ProgramData\{358E2726-5129-4614-9175-3CAA96153DFA}
2010-08-09 20:09:48 ----D---- C:\Program Files\Common Files\Stardock
2010-08-09 20:09:46 ----D---- C:\Windows\system32\wbem
2010-08-09 20:09:46 ----D---- C:\Windows\registration
2010-07-31 16:17:12 ----D---- C:\Windows\Panther
2010-07-31 15:50:24 ----D---- C:\Program Files\Stardock
2010-07-31 15:49:51 ----HD---- C:\ProgramData
2010-07-29 21:36:06 ----D---- C:\Program Files\EA GAMES
2010-07-29 21:17:17 ----D---- C:\Program Files\Common Files\Adobe
2010-07-29 21:17:16 ----D---- C:\Program Files\Common Files
2010-07-29 21:15:22 ----D---- C:\Program Files\Adobe
2010-07-29 21:14:31 ----D---- C:\ProgramData\Adobe
2010-07-29 21:07:55 ----D---- C:\Users\Adam\AppData\Roaming\Adobe
2010-07-29 12:44:31 ----D---- C:\Users\Adam\AppData\Roaming\uTorrent
2010-07-29 12:44:31 ----AD---- C:\ProgramData\TEMP
2010-07-28 18:05:20 ----D---- C:\Program Files\MagicDisc
2010-07-28 18:04:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-28 17:59:44 ----D---- C:\Windows\winsxs
2010-07-28 17:59:21 ----D---- C:\Program Files\Common Files\Motorola Shared
2010-07-28 17:48:25 ----D---- C:\Program Files\Rising Research
2010-07-28 17:48:13 ----D---- C:\Program Files\Audiosurf
2010-07-27 19:40:33 ----D---- C:\Program Files\The Wonderful End of the World
2010-07-27 19:39:33 ----D---- C:\Users\Adam\AppData\Roaming\Red Kawa
2010-07-27 19:38:18 ----D---- C:\Program Files\Xilisoft
2010-07-27 18:21:05 ----D---- C:\Users\Adam\AppData\Roaming\Mozilla
2010-07-27 13:05:51 ----D---- C:\Windows\system32\catroot
2010-07-27 13:05:49 ----D---- C:\Windows\inf
2010-07-27 01:33:34 ----D---- C:\Windows\nap
2010-07-26 22:05:12 ----D---- C:\Program Files\Thoosje Vista Tweaker
2010-07-26 22:04:29 ----D---- C:\Program Files\NCH Swift Sound
2010-07-26 22:03:35 ----D---- C:\Program Files\MobMapUpdater
2010-07-26 22:03:10 ----D---- C:\Program Files\Graboid
2010-07-26 19:49:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-26 19:20:01 ----D---- C:\Users\Adam\AppData\Roaming\NCH Swift Sound
2010-07-26 19:20:01 ----D---- C:\ProgramData\NCH Swift Sound
2010-07-25 17:32:05 ----D---- C:\Fraps
2010-07-25 17:05:35 ----D---- C:\Windows\Debug
2010-07-25 11:49:16 ----D---- C:\Program Files\Webroot
2010-07-25 11:17:37 ----D---- C:\ProgramData\Google Updater
2010-07-22 12:00:52 ----D---- C:\Program Files\Internet Explorer
2010-07-21 21:30:33 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-12-07 140320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-11-30 685816]
R0 sshrmd;Sshrmd; C:\Windows\system32\DRIVERS\sshrmd.sys [2010-06-17 24496]
R0 ssidrv;Ssidrv; C:\Windows\system32\DRIVERS\ssidrv.sys [2010-06-17 182056]
R2 elagopro;GoProto Protocol Driver for LELA; C:\Windows\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\Windows\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 ssfmonm;ssfmonm; C:\Windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-12-19 30088]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys []
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 ayhv2i25;ayhv2i25; C:\Windows\system32\drivers\ayhv2i25.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\EDA5.tmp []
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-11-29 47360]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2008-10-14 4608]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 KodakSvc;Kodak AiO Device Service; C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe [2010-07-19 3858168]
R2 WindowBlinds;Stardock WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [2009-06-09 230704]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-06-18 246520]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-23 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
ihisatsu
Regular Member
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Post by ihisatsu » August 16th, 2010, 4:22 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-16 07:53:37
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kwldrpoc.sys


---- System - GMER 1.0.15 ----

SSDT 854246C0 ZwAllocateVirtualMemory
SSDT 85418618 ZwCreateProcess
SSDT 85424B70 ZwCreateProcessEx
SSDT 85424990 ZwCreateThread
SSDT 85424738 ZwQueueApcThread
SSDT 854245D0 ZwReadVirtualMemory
SSDT 85424828 ZwSetContextThread
SSDT 85424A80 ZwSetInformationProcess
SSDT 854248A0 ZwSetInformationThread
SSDT 85424A08 ZwSuspendProcess
SSDT 854247B0 ZwSuspendThread
SSDT 85424AF8 ZwTerminateProcess
SSDT 85424918 ZwTerminateThread
SSDT 85424648 ZwWriteVirtualMemory
SSDT 854244E0 ZwCreateThreadEx
SSDT 85424558 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 822BC894 4 Bytes [C0, 46, 42, 85] {ROL BYTE [ESI+0x42], 0x85}
.text ntkrnlpa.exe!KeSetEvent + 209 822BC96C 8 Bytes [18, 86, 41, 85, 70, 4B, 42, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 822BC984 4 Bytes [90, 49, 42, 85]
.text ntkrnlpa.exe!KeSetEvent + 4E5 822BCC48 4 Bytes [38, 47, 42, 85]
.text ntkrnlpa.exe!KeSetEvent + 4FD 822BCC60 4 Bytes [D0, 45, 42, 85]
.text ...
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\jcbggfvh.sys A device attached to the system is not functioning. !
.text USBPORT.SYS!DllUnload 887A741B 5 Bytes JMP 8683D770
.text ayhv2i25.SYS 8CB2A000 22 Bytes [82, 03, 5D, 82, 6C, 02, 5D, ...]
.text ayhv2i25.SYS 8CB2A017 181 Bytes [00, 32, 47, D0, 82, 3D, 45, ...]
.text ayhv2i25.SYS 8CB2A0CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ayhv2i25.SYS 8CB2A118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ayhv2i25.SYS 8CB2A1D2 22 Bytes [E0, C2, E2, 84, E3, 46, E6, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[256] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[256] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[468] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3292] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] ntdll.dll!KiUserExceptionDispatcher + A 77AC5DD2 5 Bytes JMP 000160C0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 00015300 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] kernel32.dll!LoadLibraryExW 768E9109 5 Bytes [33, C0, C2, 0C, 00] {XOR EAX, EAX; RET 0xc}
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] kernel32.dll!VirtualFree 769040AA 5 Bytes JMP 000152E0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] kernel32.dll!VirtualAlloc 7690AD55 5 Bytes JMP 000152B0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4264] kernel32.dll!CreateFileA 7690CE5F 5 Bytes JMP 00014940 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Windows\Explorer.EXE[4416] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Windows\Explorer.EXE[4416] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!DrawTextW 768397D3 5 Bytes JMP 6605C0F9 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[4416] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Program[4876] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program[4876] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4892] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[5008] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] kernel32.dll!VirtualProtect 768C1DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!SetWindowPlacement 76827963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!MoveWindow 7682989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!SetWindowPos 768335E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!SetWindowPos + 3 768335E6 2 Bytes [80, EF]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!DeferWindowPos 7683467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!EndPaint 7683A28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!BeginPaint 7683A2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!GetWindowRect 76840E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5432] USER32.dll!GetWindowPlacement 768538E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8681C098
Device \FileSystem\Ntfs \Ntfs 84A4E1E8
Device \FileSystem\fastfat \FatCdrom 87B50790
Device \Driver\volmgr \Device\VolMgrControl 84A4A1E8
Device \Driver\usbohci \Device\USBPDO-0 868411E8
Device \Driver\usbehci \Device\USBPDO-1 8682E1E8
Device \Driver\nvstor32 \Device\00000056 84A4D1E8
Device \Driver\nvstor32 \Device\00000057 84A4D1E8
Device \Driver\volmgr \Device\HarddiskVolume1 84A4A1E8
Device \Driver\volmgr \Device\HarddiskVolume2 84A4A1E8
Device \Driver\cdrom \Device\CdRom0 868491E8
Device \Driver\USBSTOR \Device\00000065 87BA9790
Device \Driver\cdrom \Device\CdRom1 868491E8
Device \Driver\volmgr \Device\HarddiskVolume3 84A4A1E8
Device \Driver\atapi \Device\Ide\IdePort0 84A4C1E8
Device \Driver\atapi \Device\Ide\IdePort1 84A4C1E8
Device \Driver\USBSTOR \Device\00000066 87BA9790
Device \Driver\cdrom \Device\CdRom2 868491E8
Device \Driver\netbt \Device\NetBT_Tcpip_{51528C4F-16C1-4022-82DB-286A6F480975} 8E6AF1E8
Device \Driver\netbt \Device\NetBt_Wins_Export 8E6AF1E8
Device \Driver\PCI_NTPNP8708 \Device\0000004b sptd.sys
Device \Driver\volmgr \Device\HarddiskVolume65 84A4A1E8
Device \Driver\nvstor32 \Device\RaidPort0 84A4D1E8
Device \Driver\iScsiPrt \Device\RaidPort1 8683B1E8
Device \Driver\usbohci \Device\USBFDO-0 868411E8
Device \Driver\usbehci \Device\USBFDO-1 8682E1E8
Device \Driver\USBSTOR \Device\000000f7 87BA9790
Device \Driver\ayhv2i25 \Device\Scsi\ayhv2i251Port4Path0Target1Lun0 868531E8
Device \Driver\ayhv2i25 \Device\Scsi\ayhv2i251Port4Path0Target0Lun0 868531E8
Device \Driver\ayhv2i25 \Device\Scsi\ayhv2i251 868531E8
Device \Driver\USBSTOR \Device\000000f8 87BA9790
Device \FileSystem\fastfat \Fat 87B50790

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x67910000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x68730000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x6C610000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x747A0000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x663D0000
Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [4416] 0x68210000
Library C:\Program (*** hidden *** ) @ C:\Program [4876] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [4876] 0x68730000
Library C:\Program (*** hidden *** ) @ C:\Program [4876] 0x6C610000
Library C:\Program (*** hidden *** ) @ C:\Program [4876] 0x67910000
Library C:\Program (*** hidden *** ) @ C:\Program [4876] 0x747A0000

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jcbggfvh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xFD 0x14 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x83 0xAA 0xCE 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xBE 0xE0 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8E 0x64 0x92 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xFD 0x14 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x83 0xAA 0xCE 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xBE 0xE0 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8E 0x64 0x92 0x5C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}@abcoiafodchjifjihbmjngibjdehpjogpk 0x61 0x62 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}@bbcoiafodchjifjihbpjagfoecfbfogfmhlj 0x61 0x62 0x6A 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}@hageggimffbflelf 0x69 0x61 0x6D 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}@iaafaggiffhehldjal 0x69 0x61 0x6E 0x6A ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\EA GAMES\The Sims 2 H&M\xae Fashion Stuff\EAUninstall.exe 32

---- EOF - GMER 1.0.15 ----
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut
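The GMER log above ends with the finding that matters for this thread: a service marked `(*** hidden *** ) [BOOT]` and, in the Registry section, the values that explain how it survives a reboot (`Type 1` is a kernel driver, `Start 0` is boot-start, and the `Boot Bus Extender` group loads before almost everything else, in both `CurrentControlSet` and `ControlSet002`). The following Python script is an added example for readers learning to read such logs; it is not part of the thread and not GMER's own code. It parses the Services and Registry sections, correlates each hidden service with its registry values, and explains why the combination is significant. The sample log is a constructed excerpt that reproduces the `jcbggfvh` lines from the post above.

```python
"""Flag hidden boot-start services in a GMER log (added example, not GMER's own code)."""
import re
from collections import defaultdict

# Documented Windows service-registry values (SERVICE_* constants).
SERVICE_TYPES = {1: "kernel driver", 2: "file system driver", 16: "own process", 32: "shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# "Service (*** hidden *** ) [BOOT] jcbggfvh <-- ROOTKIT !!!"
HIDDEN_SERVICE_RE = re.compile(r"^Service \(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
# "Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Start 0"
# The service-name class excludes '\' so values under subkeys (sptd\Cfg@s1) are not treated
# as values of the service itself.
SERVICE_VALUE_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@]+)@(\w+)\s+(.*)$")

# Constructed sample modelled on the log in the post above.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jcbggfvh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Start 0

---- EOF - GMER 1.0.15 ----
"""


def parse_hidden_services(log_text):
    """Return {service_name: load_phase} for every service GMER reports as hidden."""
    hidden = {}
    for line in log_text.splitlines():
        m = HIDDEN_SERVICE_RE.match(line)
        if m:
            hidden[m.group(2)] = m.group(1)
    return hidden


def parse_service_values(log_text):
    """Return {service_name: {control_set: {value_name: data}}} from the Reg lines."""
    values = defaultdict(lambda: defaultdict(dict))
    for line in log_text.splitlines():
        m = SERVICE_VALUE_RE.match(line)
        if m:
            control_set, service, value_name, data = m.groups()
            values[service][control_set][value_name] = data.strip()
    return values


def _as_int(text):
    try:
        return int(text)
    except (TypeError, ValueError):
        return None


def assess(log_text):
    """Correlate hidden services with their registry values and list why each is a concern."""
    findings = []
    values = parse_service_values(log_text)
    for name, phase in parse_hidden_services(log_text).items():
        per_set = values.get(name, {})
        active = per_set.get("CurrentControlSet", {})
        start = _as_int(active.get("Start"))
        svc_type = _as_int(active.get("Type"))
        reasons = [f"GMER reports it as hidden ({phase} phase): it is concealed from the standard service enumeration"]
        if start == 0:
            reasons.append("Start=0: boot-start, loaded before user-mode security software")
        if svc_type in (1, 2):
            reasons.append(f"Type={svc_type}: runs as a {SERVICE_TYPES[svc_type]} in kernel mode")
        if active.get("Group") == "Boot Bus Extender":
            reasons.append("Group 'Boot Bus Extender': one of the earliest load-order groups")
        if len(per_set) > 1:
            reasons.append("present in more than one control set, so switching control sets would not remove it")
        findings.append({
            "name": name,
            "type": SERVICE_TYPES.get(svc_type, "unknown"),
            "start": START_TYPES.get(start, "unknown"),
            "group": active.get("Group"),
            "control_sets": sorted(per_set),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_LOG):
        print(f"{f['name']}: {f['type']}, start={f['start']}, group={f['group']!r}, "
              f"control sets={', '.join(f['control_sets'])}")
        for r in f["reasons"]:
            print("  -", r)
```

Run it against a saved GMER log by reading the file into `assess()`. Only values directly under `Services\<name>` are attributed to a service, which is why the `sptd\Cfg` entries in the same log are ignored: they belong to a subkey of a legitimate driver, not to a service of their own.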

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 16th, 2010, 7:51 pm

Hi

Why you should not be using MSconfig to control startups!!

1. MSconfig was designed to be used only as a temporary debugging/troubleshooting tool. It was not meant to be used for long term solutions.
2. MSconfig does not show all startups anyway.
3. If you uninstall programs while they are being disabled with MSconfig, they will not be uninstalled properly and you will have to resort to manual registry editing to properly get everything removed. MSconfig will leave orphan entries if/when installed software is uninstalled while under the control of MSconfig. When/if MSconfig is turned back to normal startup, it will give errors on boot due to those orphan entries.
4. MSconfig and Services:
  • If you uninstall programs while you have some of the program's services being controlled with MSconfig, the programs will not be uninstalled properly and you will have to resort to manual registry editing to get everything properly removed.
  • When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer.
  • It is safer to control services by using Control Panel, Administrative Tools, Services (this runs services.msc).
5. You can lock malware items into your registry that you may not see anymore until some point in time where you switch back to Normal Startup mode and now you can cause total reinfection of your PC with the malware. You need to remove the malware not mask it.
If you still don't understand why not to use MSconfig, see what Microsoft writes Here

The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts.



WinPcap 4.1 beta5 - Did you install this yourself?

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 17th, 2010, 12:10 am

Ran both programs, cleaned over 600MB with Temp cleaner. Combofix generated an error box with no dialog and an "OK" box, clicked OK, scan proceeded, it rebooted my computer, no log file found. I checked C:\ and did a scan for combofix.txt with no luck. I am setting MSConfig to Normal startup and no, I do not recall installing WinPCap 4.1 (have no idea what that is). Please advise.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 17th, 2010, 1:42 am

Hi

Delete the copy of ComboFix you have & download it again:
Link 1
Link 2

Re-run ComboFix, then post the log, if it produces one.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 17th, 2010, 1:32 pm

Re-downloaded, ran again, no error dialog this time. However, there was a window telling me that PEV.EXE stopped working. I didn't click any buttons and let the message stay on the screen while combofix finished scanning and watched my computer reboot without complication. Searched for combofix.txt in the c:\ drive, cannot find.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 17th, 2010, 7:06 pm

OK

There should be a folder on your C drive named Qoobox. Have a look in that folder. There should be at least one ComboFix.txt log there. There should also be a log named ComboFix-quarantined-files.txt
Post the contents of the logs.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 17th, 2010, 9:45 pm

I found the Folder called Qoobox, searched everywhere, there are no txt files like the ones you specified, nothing with the name Combofix even. I see the following folders:
BackEnv, LastRun, Quarantine, Test, TestC

I'm selecting Run as Administrator, is there anything I'm missing?
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 18th, 2010, 1:18 am

Hi

OK, see if there is another folder at C:\ named ComboFix. If it's there, check that folder for the ComboFix.txt log/s. If present, post the contents of the logs. Please don't list the contents of that folder if present, other than to let me know if the logs are present.
Failing that delete the following folder listed in red:
C:\Qoobox\LastRun
Then boot your computer into Safe Mode & try running ComboFix from there. If successful & ComboFix needs to reboot your computer, make sure you boot back to Safe Mode to allow ComboFix to finish. Once finished you can reboot back to Normal Mode.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 18th, 2010, 2:28 am

No such folder.
Deleted LastRun folder and booted to safe mode.
Ran Combofix as Administrator, got Administrator access errors right away (during the restore point creation phase, I believe).
Combofix began scanning, received another Administrator access error after phase 38 or so, last entry after phase 50 listed some file called "jcbggfvh", then computer rebooted.
During reboot, initiated safe mode boot option.
Screen black, no boot yet, has been 20 min.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut