Trojan and Malware Galore [Solved]



#1
Navy Seal
  • Member
  • 119 posts
Hey there! I've been having a lot of computer problems as of late. A lot of trojan warnings have been popping up, and I haven't been able to get rid of any of them. I will post my HijackThis log below. Thanks for the help in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:33 PM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\dlcicoms.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Creative\Mixer\CTSVolFE.exe
H:\WINDOWS\stsystra.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Dell AIO Printer 946\dlcimon.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wscsvc32.exe
H:\WINDOWS\system32\net.exe
H:\WINDOWS\system32\net1.exe
H:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "H:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCICATS] rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "H:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "H:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Protection System] H:\Program Files\Protection System\psystem.exe
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &AIM Search - h:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211744901000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - H:\WINDOWS\system32\dlcicoms.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8501 bytes
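A small triage script for logs in the HijackThis format posted above, added here as an example (not a tool from this thread or from Trend Micro). It parses the running-process block and the R/O entries and flags hooks with no backing file, services with an unknown owner, per-user autoruns, and Windows-directory or other-drive processes outside a constructed baseline; the baseline and the embedded sample lines are assumptions taken from this post, not a complete known-good list.

```python
"""Triage helper for Trend Micro HijackThis 2.0.2 logs (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed baseline (assumption, not exhaustive): binaries that normally run
# from the Windows directory on XP. Anything else found there gets a second look.
XP_SYSTEM_BASELINE = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe",
    "net.exe", "net1.exe", "nvsvc32.exe", "stsystra.exe",
}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def parse_sections(log: str) -> tuple[list[str], list[str]]:
    """Split a HijackThis log into the 'Running processes' block and R/O entries."""
    processes: list[str] = []
    entries: list[str] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the process block
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def system_drive(processes: list[str]) -> str | None:
    """The drive smss.exe runs from is the booted system drive."""
    for p in processes:
        if p.lower().endswith("\\smss.exe"):
            return p[0].upper()
    return None


def triage(log: str) -> list[Finding]:
    processes, entries = parse_sections(log)
    sysdrive = system_drive(processes)
    findings: list[Finding] = []

    for p in processes:
        name = p.rsplit("\\", 1)[-1].lower()
        if WINDIR_RE.match(p) and name not in XP_SYSTEM_BASELINE:
            # a name in the Windows directory that is not in the baseline
            findings.append(Finding("unbaselined-windows-process", p))
        elif sysdrive and p[0].upper() != sysdrive:
            # on a dual-boot box, a process started from the other install
            findings.append(Finding("foreign-drive-process", p))

    for e in entries:
        kind, body = ENTRY_RE.match(e).groups()   # guaranteed by parse_sections
        if kind in {"R3", "O2", "O3", "O4"} and body.endswith("(no file)"):
            findings.append(Finding("orphaned-hook", e))   # dangling CLSID
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(Finding("unknown-service-owner", e))
        elif kind == "O4" and body.startswith("HKCU\\"):
            # per-user autoruns need no admin rights; review each one
            findings.append(Finding("per-user-autorun", e))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.rule for f in findings))


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscsvc32.exe
H:\WINDOWS\system32\net.exe
H:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Protection System] H:\Program Files\Protection System\psystem.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run it on the full log by pasting the whole post into SAMPLE_LOG; every finding is a prompt to look closer, not a verdict.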



#2
Navy Seal
  • Topic Starter
  • Member
  • 119 posts
Update:

Here are some of the trojan and worm names that have been popping up.

trojan.win.agent.dcc
virus.win32.gpcode.ak
backdoor.win32.kbot.al
email-worm.win32.netsky.q
backdoor.win32.agent.ich
trojan.win32.agent.dcc
net-worm.win32.dipnet.d

#3
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello and welcome to Geekstogo.. Don't do anything to the computer yet..

virus.win32.gpcode.ak


This one is extremely nasty.. I would advise you to back up ALL of your data/documents/pictures/movies/songs/etc and save it somewhere else like external drives.. Tell me if you can open the documents correctly such as PowerPoint, MS Word, Photoshop, PDF, etc..

#4
Navy Seal
  • Topic Starter
  • Member
  • 119 posts
Hello Fenz, and thank you for your response.

See, I don't know if I have that virus...but I had this protection thing (that I didn't install) telling me I had it..a red circle with an X inside was in my tray bar, as well as the Microsoft shield Security Center being red saying no virus protection. I don't have a clue as to what my computer is infected with, but hopefully you do haha!

I have my computer partitioned for Vista and XP. MS Word is not accessible on the XP version so I wasn't able to see if I could load it. XP is the only OS I've used for the past few months. Should I try to go on Vista to open it?

#5
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello.. Please see below for the details about the GPCode virus

http://www.viruslist...?virusid=313444

It's not fun at all as it will encrypt in such a manner that you may not access your files anymore.. That's why before doing any cleaning process, I would ask you to back up all your documents/data etc so that you won't lose it.. Please back up your data now before we continue with the fixes.. And please try to access your data with another clean PC to verify it has not been encrypted yet by this nasty virus.. If it does, please follow the link above very closely

#6
Navy Seal
  • Topic Starter
  • Member
  • 119 posts
I backed up all the necessary files. They're still accessible..so maybe I'm not infected with it! Sounds pretty nasty though...ready when you are for the cleanup!

#7
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ok then, let's roll :)



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! If you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

#8
Navy Seal
  • Topic Starter
  • Member
  • 119 posts
Ok I did all the scans you had listed above, but I ran into a few problems.

When I ran The Comedian, it created the ERUNT program, as well as a registry file I believe titled NTREGOPT. When I click it, a box comes up saying, This program optimizes the registry files of your Windows NT/2000/XP system. Click OK to start the process.

What does this do, and was I supposed to run it or the ERUNT program?

Also during The Comedian processes, when it tried to create a restore point, a box came up saying could not create a restore point. A couple days ago I also realized I couldn't restore my computer back to an earlier date, as well as all of my restore points being non-existent.

I had Malwarebytes installed on my computer, but I couldn't get it to run. So I uninstalled it, and tried to reinstall it. The setup got to the Extracting Files part, but froze there. I couldn't get a malwarebytes log to give you.

When I ran the gamer program, at the end a box came up saying Warning gmer has found system modification caused by a rootkit activity.

I'll post the logs in separate responses below.

Thanks in advance for your help!

Edited by Navy Seal, 20 July 2009 - 10:19 PM.


#9
Navy Seal
  • Topic Starter
  • Member
  • 119 posts
INFO.txt LOG

info.txt logfile of random's system information tool 1.06 2009-07-20 23:55:01

======Uninstall list======

-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->H:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"H:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
America's Army 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13140
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->H:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 1942-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Clue-->H:\WINDOWS\IsUninst.exe -f"H:\Program Files\Hasbro Interactive\Clue\Uninst.isu"
Conexant D850 56K V.9x DFVc Modem-->H:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell AIO Printer 946-->H:\Program Files\Dell AIO Printer 946\Install\x86\Uninst.exe
Dell PC Fax-->H:\Program Files\Dell Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Dell ResourceCD-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DesertCombat 0.7-->H:\WINDOWS\iun6002.exe "H:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\DXM51.INF,Uninstall.NT
ERUNT 1.1j-->"H:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman: Blood Money-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6860
Hotfix for Windows Internet Explorer 7 (KB947864)-->"H:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"H:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"H:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"H:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"H:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys Wireless-G PCI Adapter-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LiveUpdate 3.2 (Symantec Corporation)-->"H:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NVIDIA Drivers-->H:\WINDOWS\System32\nvudisp.exe UninstallGUI
Panda ActiveScan 2.0-->H:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Print to Fax-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 7 (KB938127)-->"H:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"H:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"H:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"H:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"H:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"H:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"H:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"H:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"H:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"H:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"H:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"H:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"H:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"H:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"H:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"H:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"H:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"H:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"H:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"H:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"H:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"H:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"H:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"H:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"H:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"H:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"H:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"H:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"H:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"H:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"H:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"H:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"H:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"H:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"H:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"H:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"H:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"H:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"H:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"H:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"H:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"H:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"H:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"H:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"H:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"H:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"H:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"H:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"H:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"H:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"H:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"H:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"H:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"H:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"H:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"H:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"H:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"H:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"H:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"H:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"H:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"H:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"H:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"H:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"H:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"H:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"H:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"H:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"H:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"H:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"H:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"H:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"H:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"H:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"H:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"H:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"H:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"H:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"H:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"H:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"H:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"H:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"H:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"H:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB898461)-->"H:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"H:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"H:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"H:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"H:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"H:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"H:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"H:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"H:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"H:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"H:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"H:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"H:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"H:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"H:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"H:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->H:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
WarZone Client v1.0.41-->H:\PROGRA~1\WarZone\UNWISE.EXE H:\PROGRA~1\WarZone\INSTALL.LOG
Windows Installer 3.1 (KB893803)-->"H:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"H:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"H:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->H:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->H:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->H:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->H:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->H:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->H:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"H:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->H:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Xpress Mail Professional Edition-->"H:\Program Files\Xpress Mail\Professional Editon\Uninstall.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {7B5F3E58-C5ED-40F9-B446-3B49CC34DD36} - H:\WINDOWS\system32\avwa.dll [2008-07-09]
O2 - BHO: (no name) - {669AC196-6F92-47FC-A943-576455675194} - H:\WINDOWS\system32\avwa.dll [2008-07-09]
O2 - BHO: (no name) - {E3B379EB-DE2F-443B-9DFD-A937E791E44D} - H:\WINDOWS\system32\avwa.dll [2008-07-09]
O2 - BHO: (no name) - {58AA813B-8CB8-4766-9601-81EFD7E16357} - H:\WINDOWS\system32\ddcDuSkk.dll (file missing) [2008-07-09]
O20 - Winlogon Notify: ssqOHxWQ - ssqOHxWQ.dll (file missing) [2008-07-09]

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free
AV: Protection System (outdated)

======System event log======

Computer Name: STEPHEN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 2153
Source Name: DCOM
Time Written: 20080613042535.000000-240
Event Type: error
User: STEPHEN\Stearns

Computer Name: STEPHEN
Event Code: 7000
Message: The PfModNT service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 2127
Source Name: Service Control Manager
Time Written: 20080613042332.000000-240
Event Type: error
User:

Computer Name: STEPHEN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 2107
Source Name: Tcpip
Time Written: 20080612162941.000000-240
Event Type: warning
User:

Computer Name: STEPHEN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 2103
Source Name: Tcpip
Time Written: 20080612054044.000000-240
Event Type: warning
User:

Computer Name: STEPHEN
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 2102
Source Name: Tcpip
Time Written: 20080612050222.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: STEPHEN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 72
Source Name: .NET Runtime Optimization Service
Time Written: 20080525232645.000000-240
Event Type:
User:

Computer Name: STEPHEN
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Accessibility, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 70
Source Name: .NET Runtime Optimization Service
Time Written: 20080525232636.000000-240
Event Type:
User:

Computer Name: STEPHEN
Event Code: 1001
Message: Fault bucket 287084659.

Record Number: 64
Source Name: Application Error
Time Written: 20080525230858.000000-240
Event Type: error
User:

Computer Name: STEPHEN
Event Code: 1000
Message: Faulting application smixerfe.exe, version 1.0.3.0, faulting module mxlib.dll, version 2.0.1.0, fault address 0x00005580.

Record Number: 63
Source Name: Application Error
Time Written: 20080525230856.000000-240
Event Type: error
User:

Computer Name: STEPHEN
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 51
Source Name: ASP.NET 2.0.50727.0
Time Written: 20080525224648.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;H:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=H:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#10
Navy Seal
Member, Topic Starter, 119 posts
LOG.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Stearns at 2009-07-20 23:54:25
Microsoft Windows XP Home Edition Service Pack 2
System drive H: has 20 GB (61%) free of 32 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:30 PM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\dlcicoms.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Creative\Mixer\CTSVolFE.exe
H:\WINDOWS\stsystra.exe
H:\Program Files\Dell AIO Printer 946\dlcimon.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\Iexplore.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\Documents and Settings\Stearns\Desktop\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\Stearns.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSVolFE.exe] "H:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCICATS] rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "H:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "H:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Protection System] H:\Program Files\Protection System\psystem.exe
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &AIM Search - h:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211744901000
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - H:\WINDOWS\system32\dlcicoms.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8510 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - H:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - H:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\System32\NvCpl.dll [2007-06-01 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=H:\WINDOWS\System32\NvMcTray.dll [2007-06-01 81920]
"CTSVolFE.exe"=H:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"SigmatelSysTrayApp"=H:\WINDOWS\stsystra.exe [2006-03-20 282624]
"AVG8_TRAY"=H:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-05 1948440]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DLCICATS"=rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16 []
"dlcimon.exe"=H:\Program Files\Dell AIO Printer 946\dlcimon.exe [2007-01-12 435696]
"FaxCenterServer"=H:\Program Files\Dell Fax Solutions\fm3032.exe [2006-12-08 312200]
"iTunesHelper"=H:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Aim6"= []
"SUPERAntiSpyware"=H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"SpybotSD TeaTimer"=H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Protection System"=H:\Program Files\Protection System\psystem.exe []

H:\Documents and Settings\Stearns\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - H:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\WINDOWS\system32\avgrsstx.dll [2009-07-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\AVG\AVG8\avgemc.exe"="H:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Steam\steamapps\kung48fu\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\kung48fu\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"H:\Program Files\XMPChat\XMPChat Client.exe"="H:\Program Files\XMPChat\XMPChat Client.exe:*:Enabled:XMPChat Client"
"H:\Program Files\Internet Explorer\iexplore.exe"="H:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"H:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe"="H:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe:*:Enabled:XpressMailDesktopClient"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\WINDOWS\system32\dlcicoms.exe"="H:\WINDOWS\system32\dlcicoms.exe:*:Enabled:Lexmark Communications System"
"H:\Program Files\Dell AIO Printer 946\DLCImon.exe"="H:\Program Files\Dell AIO Printer 946\DLCImon.exe:*:Enabled:Device Monitor"
"H:\Program Files\Dell AIO Printer 946\DLCIaiox.exe"="H:\Program Files\Dell AIO Printer 946\DLCIaiox.exe:*:Enabled:All In One Center"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"H:\Program Files\Common Files\AOL\Loader\aolload.exe"="H:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"H:\Program Files\AIM6\aim6.exe"="H:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Steam\steamapps\kung48fu\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\kung48fu\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe"="C:\Program Files\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe:*:Enabled:Hitman: Blood Money"
"C:\Program Files\Steam\steamapps\common\hitman blood money\configure.exe"="C:\Program Files\Steam\steamapps\common\hitman blood money\configure.exe:*:Enabled:Hitman: Blood Money"
"C:\Program Files\Steam\steamapps\killer1493\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\killer1493\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe"="C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3"
"H:\Program Files\Bonjour\mDNSResponder.exe"="H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Program Files\iTunes\iTunes.exe"="H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2009-07-20 23:54:25 ----D---- H:\rsit
2009-07-20 03:50:06 ----A---- H:\WINDOWS\system32\javaws.exe
2009-07-20 03:50:06 ----A---- H:\WINDOWS\system32\javaw.exe
2009-07-20 03:50:06 ----A---- H:\WINDOWS\system32\java.exe
2009-07-19 18:22:48 ----A---- H:\WINDOWS\system32\resdll.dll
2009-07-18 03:58:50 ----A---- H:\WINDOWS\system32\GEARAspi.dll
2009-07-18 03:58:26 ----D---- H:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 03:57:08 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-07-18 03:57:08 ----A---- H:\WINDOWS\system32\usbaaplrc.dll
2009-07-18 03:56:56 ----D---- H:\Documents and Settings\All Users\Application Data\Apple
2009-07-06 19:12:26 ----D---- H:\Program Files\Spybot - Search & Destroy
2009-07-06 19:09:47 ----D---- H:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-07-06 19:09:45 ----D---- H:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-06 19:09:43 ----D---- H:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-07-06 19:09:39 ----D---- H:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-07-06 16:14:51 ----D---- H:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-30 03:52:36 ----A---- H:\WINDOWS\system32\xactengine2_9.dll
2009-06-30 03:52:36 ----A---- H:\WINDOWS\system32\d3dx9_35.dll
2009-06-30 03:52:36 ----A---- H:\WINDOWS\system32\d3dx10_35.dll
2009-06-30 03:52:36 ----A---- H:\WINDOWS\system32\D3DCompiler_35.dll
2009-06-30 03:52:35 ----A---- H:\WINDOWS\system32\xactengine2_8.dll
2009-06-30 03:52:35 ----A---- H:\WINDOWS\system32\x3daudio1_2.dll
2009-06-30 03:52:35 ----A---- H:\WINDOWS\system32\d3dx9_34.dll
2009-06-30 03:52:35 ----A---- H:\WINDOWS\system32\d3dx10_34.dll
2009-06-30 03:52:35 ----A---- H:\WINDOWS\system32\D3DCompiler_34.dll
2009-06-30 03:52:34 ----A---- H:\WINDOWS\system32\xinput1_3.dll
2009-06-30 03:52:33 ----A---- H:\WINDOWS\system32\xactengine2_7.dll
2009-06-30 03:52:31 ----A---- H:\WINDOWS\system32\d3dx10_33.dll
2009-06-30 03:52:31 ----A---- H:\WINDOWS\system32\D3DCompiler_33.dll
2009-06-30 03:52:28 ----A---- H:\WINDOWS\system32\d3dx9_33.dll
2009-06-30 03:52:27 ----A---- H:\WINDOWS\system32\xactengine2_6.dll
2009-06-30 03:52:27 ----A---- H:\WINDOWS\system32\xactengine2_5.dll
2009-06-30 03:52:27 ----A---- H:\WINDOWS\system32\d3dx9_32.dll
2009-06-30 03:52:26 ----A---- H:\WINDOWS\system32\xactengine2_4.dll
2009-06-30 03:52:26 ----A---- H:\WINDOWS\system32\xactengine2_3.dll
2009-06-30 03:52:26 ----A---- H:\WINDOWS\system32\x3daudio1_1.dll
2009-06-30 03:52:26 ----A---- H:\WINDOWS\system32\d3dx9_31.dll
2009-06-30 03:52:25 ----A---- H:\WINDOWS\system32\xinput1_2.dll
2009-06-30 03:52:25 ----A---- H:\WINDOWS\system32\xinput1_1.dll
2009-06-30 03:52:25 ----A---- H:\WINDOWS\system32\xactengine2_2.dll
2009-06-30 03:52:24 ----A---- H:\WINDOWS\system32\xactengine2_1.dll
2009-06-30 03:52:18 ----A---- H:\WINDOWS\system32\d3dx9_30.dll
2009-06-30 03:52:17 ----A---- H:\WINDOWS\system32\xactengine2_0.dll
2009-06-30 03:52:17 ----A---- H:\WINDOWS\system32\x3daudio1_0.dll
2009-06-30 03:52:17 ----A---- H:\WINDOWS\system32\d3dx9_29.dll
2009-06-30 03:52:17 ----A---- H:\WINDOWS\system32\d3dx9_28.dll
2009-06-30 03:52:16 ----A---- H:\WINDOWS\system32\xinput9_1_0.dll
2009-06-30 03:52:16 ----A---- H:\WINDOWS\system32\d3dx9_27.dll
2009-06-30 03:52:16 ----A---- H:\WINDOWS\system32\d3dx9_26.dll
2009-06-30 03:52:15 ----A---- H:\WINDOWS\system32\d3dx9_25.dll
2009-06-30 03:52:14 ----A---- H:\WINDOWS\system32\d3dx9_24.dll
2009-06-23 02:55:07 ----D---- H:\Program Files\ESEA
2009-06-23 02:47:30 ----A---- H:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 3 months======

2009-07-20 23:53:47 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 23:51:35 ----D---- H:\WINDOWS\system32\drivers
2009-07-20 23:45:02 ----D---- H:\WINDOWS\ERDNT
2009-07-20 23:44:43 ----D---- H:\Program Files\ERUNT
2009-07-20 23:38:23 ----D---- H:\WINDOWS\Temp
2009-07-20 23:38:23 ----D---- H:\WINDOWS\system32
2009-07-20 23:37:21 ----D---- H:\WINDOWS\system32\CatRoot2
2009-07-20 14:29:10 ----D---- H:\WINDOWS\Prefetch
2009-07-20 13:50:34 ----D---- H:\Config.Msi
2009-07-20 13:50:33 ----D---- H:\Program Files\QuickTime
2009-07-20 13:50:25 ----SHD---- H:\WINDOWS\Installer
2009-07-20 10:00:10 ----HD---- H:\$AVG8.VAULT$
2009-07-20 03:50:05 ----D---- H:\Program Files\Java
2009-07-20 03:28:43 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-07-20 03:03:40 ----D---- H:\Program Files\SUPERAntiSpyware
2009-07-20 03:03:40 ----D---- H:\Program Files\Common Files\Wise Installation Wizard
2009-07-19 23:16:09 ----D---- H:\WINDOWS
2009-07-19 23:15:01 ----RD---- H:\Program Files
2009-07-19 19:46:25 ----D---- H:\Documents and Settings\Stearns\Application Data\Mozilla
2009-07-19 19:13:38 ----D---- H:\Documents and Settings\All Users\Application Data\avg8
2009-07-18 20:24:56 ----D---- H:\Documents and Settings\Stearns\Application Data\Apple Computer
2009-07-18 18:52:50 ----D---- H:\Documents and Settings\Stearns\Application Data\mIRC
2009-07-18 04:06:14 ----HD---- H:\WINDOWS\inf
2009-07-18 03:58:49 ----D---- H:\Program Files\iTunes
2009-07-18 03:58:28 ----D---- H:\Program Files\Common Files\Apple
2009-07-18 03:58:10 ----D---- H:\Program Files\Bonjour
2009-07-18 03:57:34 ----D---- H:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-18 03:57:20 ----SD---- H:\WINDOWS\Tasks
2009-07-18 03:57:17 ----D---- H:\Program Files\Apple Software Update
2009-07-12 10:26:33 ----D---- H:\WINDOWS\system32\wbem
2009-07-12 05:10:26 ----D---- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-08 03:56:53 ----D---- H:\Documents and Settings\Stearns\Application Data\Ventrilo
2009-07-05 23:40:44 ----D---- H:\Documents and Settings\Stearns\Application Data\Ruckus Network
2009-07-05 23:39:00 ----A---- H:\WINDOWS\system32\avgrsstx.dll
2009-07-05 23:31:22 ----D---- H:\WINDOWS\system32\config
2009-07-05 23:31:10 ----D---- H:\WINDOWS\Registration
2009-06-30 03:53:44 ----A---- H:\WINDOWS\system32\PnkBstrA.exe
2009-06-30 03:53:20 ----A---- H:\WINDOWS\system32\PnkBstrB.exe
2009-06-30 03:52:37 ----D---- H:\WINDOWS\system32\DirectX
2009-06-30 03:52:24 ----RSD---- H:\WINDOWS\assembly
2009-06-30 03:52:19 ----D---- H:\WINDOWS\Microsoft.NET
2009-06-23 02:48:41 ----D---- H:\WINDOWS\Debug
2009-06-23 02:41:21 ----D---- H:\Program Files\Dl_cats

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; H:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-05 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; H:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-05 27784]
R1 AvgTdiX;AVG8 Network Redirector; H:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-23 108552]
R1 intelppm;Intel Processor Driver; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; H:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 OMCI;OMCI; H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; H:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-05-25 20747]
R2 mdmxsdk;mdmxsdk; H:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tmcomm;tmcomm; \??\H:\WINDOWS\system32\drivers\tmcomm.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; H:\WINDOWS\System32\DRIVERS\e1e5132.sys [2007-08-30 242320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\H:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; H:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; H:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; H:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; H:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 nv;nv; H:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-01 6738880]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); H:\WINDOWS\System32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 STHDA;SigmaTel High Definition Audio CODEC; H:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; H:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; H:\WINDOWS\system32\drivers\WmBEnum.sys [2003-03-25 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; H:\WINDOWS\system32\drivers\WmXlCore.sys [2003-03-25 40256]
S1 SASDIFSV;SASDIFSV; \??\H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 PfModNT;PfModNT; \??\H:\WINDOWS\System32\PfModNT.sys []
S3 BCM42RLY;BCM42RLY; \??\H:\WINDOWS\System32\BCM42RLY.SYS []
S3 MBAMCatchMe;MBAMCatchMe; \??\H:\WINDOWS\system32\drivers\mbamcatchme.sys []
S3 PnkBstrK;PnkBstrK; \??\H:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SASENUM;SASENUM; \??\H:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; H:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WmFilter;Logitech WingMan HID Filter Driver; H:\WINDOWS\system32\drivers\WmFilter.sys [2003-03-25 21216]
S3 WmVirHid;Logitech Virtual Hid Device Driver; H:\WINDOWS\system32\drivers\WmVirHid.sys [2003-03-25 5728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-04 611664]
R2 Apple Mobile Device;Apple Mobile Device; H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG8 E-mail Scanner; H:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-05 907032]
R2 avg8wd;AVG8 WatchDog; H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-05 298776]
R2 Bonjour Service;Bonjour Service; H:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dlci_device;dlci_device; H:\WINDOWS\system32\dlcicoms.exe [2006-12-08 537480]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\System32\nvsvc32.exe [2007-06-01 163908]
R2 PnkBstrA;PnkBstrA; H:\WINDOWS\system32\PnkBstrA.exe [2009-06-30 75064]
R2 PnkBstrB;PnkBstrB; H:\WINDOWS\system32\PnkBstrB.exe [2009-06-30 189288]
R3 iPod Service;iPod Service; H:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Viewpoint Manager Service;Viewpoint Manager Service; H:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WMP54Gv4SVC;WMP54Gv4SVC; H:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 LiveUpdate;LiveUpdate; H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

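Anyone reading an RSIT log like the one above will want to pull out the driver and service entries whose file date and size could not be read (the empty `[]` brackets). The following is an added example, not from the original post and not part of RSIT, that parses the list format using the legend printed in its own header and lists those entries, loaded ones first; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend printed in the RSIT log header:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry per line:  <state><start> <name>;<description>; <path> [<date> <size>]
# Empty "[]" brackets mean RSIT could not read the file's date and size at scan time.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*);\s*(?P<path>.*?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str          # Running / Stopped
    start: str          # Boot / System / Auto / Demand / Disabled
    name: str
    desc: str
    path: str           # "\??\" NT object-manager prefix removed
    date: Optional[str]
    size: Optional[int]

    @property
    def file_info_missing(self) -> bool:
        """True when RSIT printed empty brackets: no date/size could be read."""
        return self.date is None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; returns None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    meta = m["meta"].split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    path = m["path"]
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    return Entry(STATE[m["state"]], START[m["start"]],
                 m["name"].strip(), m["desc"].strip(), path, date, size)


def parse_block(text: str) -> List[Entry]:
    """Parse a whole 'List of drivers' or 'List of services' block."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def entries_without_file_info(entries: List[Entry]) -> List[Entry]:
    """Entries with empty [] brackets, the ones to look at by hand in such a log."""
    return [e for e in entries if e.file_info_missing]


def running_without_file_info(entries: List[Entry]) -> List[Entry]:
    """The subset that is loaded right now and still has no readable file info."""
    return [e for e in entries if e.state == "Running" and e.file_info_missing]


# Constructed sample: a handful of lines copied from the RSIT log above.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; H:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-05 335752]
R2 tmcomm;tmcomm; \??\H:\WINDOWS\system32\drivers\tmcomm.sys []
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\H:\WINDOWS\system32\GTNDIS5.SYS []
S1 SASDIFSV;SASDIFSV; \??\H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; H:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
"""

if __name__ == "__main__":
    entries = parse_block(SAMPLE)
    print(f"{len(entries)} entries parsed")
    # Loaded entries first, then the stopped ones
    for e in sorted(entries_without_file_info(entries), key=lambda e: e.state != "Running"):
        flag = "LOADED" if e.state == "Running" else "      "
        print(f"{flag} {e.start:<8} {e.name:<12} {e.path}")
```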
#11
fenzodahl512
  • Malware Removal
  • 9,863 posts
NTREGOPT is to optimize your Registry setting, although I personally don't know how effective it could be.. What we want is ERUNT.. I believe you got that installed, as you can see the NTREGOPT :)

The computer has a rootkit inside it.. Let's do this..



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots showing the download being renamed to Combo-Fix]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#12
Navy Seal
    Member
  • Topic Starter
  • 119 posts
1. Ran ComboFix, but a couple of problems arose. I turned off my antivirus, firewall, and spyware programs, and it still said I had AVG running anyway. Pretty sure it was off though.

2. When it asked to install the Recovery Console I clicked OK, and a box popped up saying that it failed to install the required files..abort.

3. A box popped up saying ComboFix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later. Do you need the names of these files?

4. After it rebooted my machine, it asked again if I wanted to install the Recovery Console. I clicked OK, and I didn't get the error box about the files not being able to be installed.

Below is my log from the scan.


ComboFix 09-07-20.05 - Stearns 07/21/2009 13:12.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1617 [GMT -4:00]
Running from: h:\documents and settings\Stearns\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\13e3a70.msi
c:\windows\Installer\155b41b7.msp
c:\windows\Installer\155b41c8.msp
c:\windows\Installer\155b41d0.msp
c:\windows\Installer\155b41d7.msp
c:\windows\Installer\1ab43bd9.msp
c:\windows\Installer\1ab43beb.msp
c:\windows\Installer\1ab43bfd.msp
c:\windows\Installer\1ab868.msp
c:\windows\Installer\1cd8d90.msi
c:\windows\Installer\1e956f3.msi
c:\windows\Installer\1e956f8.msi
c:\windows\Installer\1ed0b0f0.msp
c:\windows\Installer\1ed0b102.msp
c:\windows\Installer\1ed0b115.msp
c:\windows\Installer\1ed0b127.msp
c:\windows\Installer\1ed0b139.msp
c:\windows\Installer\1f234ef2.msi
c:\windows\Installer\2076547.msi
c:\windows\Installer\244526.msi
c:\windows\Installer\286b345.msp
c:\windows\Installer\286b358.msp
c:\windows\Installer\29170332.msp
c:\windows\Installer\2d175a.msp
c:\windows\Installer\2d176c.msp
c:\windows\Installer\2d178b.msp
c:\windows\Installer\2d179b.msp
c:\windows\Installer\2d189c.msp
c:\windows\Installer\2d18a7.msp
c:\windows\Installer\2d18b1.msp
c:\windows\Installer\2d18b9.msp
c:\windows\Installer\2d18cd.msp
c:\windows\Installer\2d18e1.msp
c:\windows\Installer\2d18f4.msp
c:\windows\Installer\2d1907.msp
c:\windows\Installer\2f5b76ec.msp
c:\windows\Installer\2f5b76f4.msp
c:\windows\Installer\2f5b76fc.msp
c:\windows\Installer\2fb74d.msp
c:\windows\Installer\2fb75d.msp
c:\windows\Installer\315f4a.msi
c:\windows\Installer\319574.msp
c:\windows\Installer\31957b.msp
c:\windows\Installer\31959a.msp
c:\windows\Installer\3195ab.msp
c:\windows\Installer\3195b6.msp
c:\windows\Installer\3195bc.msp
c:\windows\Installer\3398672.msi
c:\windows\Installer\34b5ec.msi
c:\windows\Installer\382ab42d.msi
c:\windows\Installer\382ab438.msp
c:\windows\Installer\382ab440.msp
c:\windows\Installer\4481485d.msp
c:\windows\Installer\4481486f.msp
c:\windows\Installer\4c6ca4c.msi
c:\windows\Installer\4d64bbf.msi
c:\windows\Installer\4f21284.msi
c:\windows\Installer\4f2128d.msi
c:\windows\Installer\4f212b2.msp
c:\windows\Installer\4f212c3.msp
c:\windows\Installer\4f212d4.msp
c:\windows\Installer\4f212e6.msp
c:\windows\Installer\4f212f7.msp
c:\windows\Installer\4f21309.msp
c:\windows\Installer\4f2131a.msp
c:\windows\Installer\4f21320.msi
c:\windows\Installer\4f21330.msp
c:\windows\Installer\4fa7677.msp
c:\windows\Installer\54a3ac0.msi
c:\windows\Installer\54d2e30.msi
c:\windows\Installer\54d2e35.msi
c:\windows\Installer\54d2e3a.msi
c:\windows\Installer\54d2e3f.msi
c:\windows\Installer\54d2e44.msi
c:\windows\Installer\54d2e49.msi
c:\windows\Installer\54d2e50.msi
c:\windows\Installer\54d2e56.msi
c:\windows\Installer\54d2e5b.msi
c:\windows\Installer\54d2e60.msi
c:\windows\Installer\54d2e67.msi
c:\windows\Installer\5c1d9a.msp
c:\windows\Installer\5c1dad.msp
c:\windows\Installer\5c1dbf.msp
c:\windows\Installer\5c1dd1.msp
c:\windows\Installer\66ed36.msi
c:\windows\Installer\66ed3b.msi
c:\windows\Installer\66ed41.msp
c:\windows\Installer\66ed52.msp
c:\windows\Installer\66ed63.msp
c:\windows\Installer\92add73.msi
c:\windows\Installer\9a50814.msp
c:\windows\Installer\9a5081d.msp
c:\windows\Installer\9a50826.msp
c:\windows\Installer\9b122b3.msi
c:\windows\Installer\9b12559.msi
c:\windows\Installer\9b12879.msi
c:\windows\Installer\9b12888.msi
c:\windows\Installer\c2fcaa1.msi
c:\windows\Installer\cf69af2.msi
c:\windows\Installer\cf69afd.msi
c:\windows\Installer\d10037.msi
c:\windows\Installer\de6f7.msi
c:\windows\Installer\e0ca4.msp
c:\windows\Installer\e0cad.msp
c:\windows\Installer\e0cb6.msp
c:\windows\Installer\f5b0473.msp
c:\windows\Installer\f5b0485.msp
h:\$recycle.bin\S-1-5-21-3717018928-1745147974-576139371-1000
h:\windows\010112010146118114.dat
h:\windows\0101120101464849.dat
h:\windows\system32\drivers\UACneamiolbcb.sys
h:\windows\system32\resdll.dll
h:\windows\system32\UACayghqkters.dll
h:\windows\system32\UACdligcramac.dll
h:\windows\system32\UACfjtpdvbrxn.log
h:\windows\system32\UACgayihxgexq.dll
h:\windows\system32\uacinit.dll
h:\windows\system32\UACklxnmesdne.dll
h:\windows\system32\UACoelqmxrogd.db
h:\windows\system32\UACrklmmjfgah.dll
h:\windows\system32\UACserysmijll.dat
h:\windows\system32\UACtvstexahtw.dll

h:\windows\system32\proquota.exe was missing
Restored copy from - h:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 04:35 . 2009-07-21 04:35 -------- d-----w- h:\program files\Ventrilo
2009-07-21 03:54 . 2009-07-21 03:55 -------- d-----w- H:\rsit
2009-07-21 03:51 . 2009-07-13 17:36 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-07-20 08:07 . 2009-07-20 08:06 102664 ----a-w- h:\windows\system32\drivers\tmcomm.sys
2009-07-20 07:51 . 2009-07-20 08:14 -------- d-----w- h:\documents and settings\Stearns\.housecall6.6
2009-07-20 07:49 . 2009-07-20 07:49 152576 ----a-w- h:\documents and settings\Stearns\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-20 07:45 . 2009-07-13 17:36 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 07:58 . 2009-03-19 20:32 23400 ----a-w- h:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-18 07:58 . 2008-04-17 16:12 107368 ----a-w- h:\windows\system32\GEARAspi.dll
2009-07-18 07:58 . 2009-07-18 07:58 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 07:57 . 2009-07-18 07:57 -------- d-----w- h:\documents and settings\Stearns\Local Settings\Application Data\Apple
2009-07-18 07:57 . 2009-07-18 07:58 -------- dc----w- h:\windows\system32\DRVSTORE
2009-07-18 07:57 . 2009-07-09 16:16 39424 ----a-w- h:\windows\system32\drivers\usbaapl.sys
2009-07-18 07:57 . 2009-07-09 16:16 2060288 ----a-w- h:\windows\system32\usbaaplrc.dll
2009-07-18 07:56 . 2009-07-18 08:06 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-07-06 23:12 . 2009-07-07 20:37 -------- d-----w- h:\program files\Spybot - Search & Destroy
2009-07-06 23:10 . 2009-07-07 20:37 117760 ----a-w- h:\documents and settings\Stearns\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-06 23:09 . 2009-07-06 23:09 -------- d-----w- h:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-06 23:09 . 2009-07-06 23:09 -------- d-----w- h:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-06 23:09 . 2009-07-06 23:09 -------- d-----w- h:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-06 23:09 . 2009-07-06 23:09 -------- d-----w- h:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-06 23:07 . 2009-07-06 23:07 6144 ----a-w- h:\documents and settings\Stearns\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2009-07-06 23:07 . 2009-07-06 23:07 22528 ----a-w- h:\documents and settings\Stearns\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2009-07-06 20:14 . 2009-07-06 20:14 -------- d-----w- h:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-06 20:14 . 2009-07-06 20:14 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-06 03:31 . 2009-07-06 03:31 -------- d-----w- h:\windows\system32\wbem\Repository
2009-06-30 07:53 . 2009-06-30 07:53 -------- d-----w- h:\documents and settings\Stearns\Local Settings\Application Data\PunkBuster
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- h:\program files\ESEA
2009-06-23 06:47 . 2009-05-21 15:33 410984 ----a-w- h:\windows\system32\deploytk.dll
2009-06-23 06:46 . 2009-06-23 06:46 152576 ----a-w- h:\documents and settings\Stearns\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 07:11 . 2008-05-27 10:33 -------- d-----w- h:\documents and settings\Stearns\Application Data\mIRC
2009-07-21 04:35 . 2008-05-26 03:16 -------- d-----w- h:\documents and settings\Stearns\Application Data\Ventrilo
2009-07-21 04:34 . 2008-05-26 23:44 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
2009-07-21 03:53 . 2008-06-07 21:40 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-07-21 03:44 . 2008-07-09 20:23 -------- d-----w- h:\program files\ERUNT
2009-07-20 17:50 . 2008-06-05 00:10 -------- d-----w- h:\program files\QuickTime
2009-07-20 07:50 . 2008-05-26 03:13 -------- d-----w- h:\program files\Java
2009-07-20 07:03 . 2008-06-07 21:44 -------- d-----w- h:\program files\SUPERAntiSpyware
2009-07-19 23:13 . 2008-05-26 23:16 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-19 00:24 . 2008-06-05 00:10 -------- d-----w- h:\documents and settings\Stearns\Application Data\Apple Computer
2009-07-18 07:58 . 2008-06-05 00:10 -------- d-----w- h:\program files\iTunes
2009-07-18 07:58 . 2008-06-05 00:09 -------- d-----w- h:\program files\Common Files\Apple
2009-07-18 07:58 . 2008-06-05 00:10 -------- d-----w- h:\program files\Bonjour
2009-07-18 07:57 . 2008-06-05 00:10 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-18 07:57 . 2008-06-05 00:09 -------- d-----w- h:\program files\Apple Software Update
2009-07-12 09:10 . 2008-05-26 23:40 -------- d-----w- h:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-06 03:40 . 2008-06-04 23:49 -------- d-----w- h:\documents and settings\Stearns\Application Data\Ruckus Network
2009-07-06 03:39 . 2008-05-26 23:16 11952 ----a-w- h:\windows\system32\avgrsstx.dll
2009-07-06 03:39 . 2008-05-26 23:16 335752 ----a-w- h:\windows\system32\drivers\avgldx86.sys
2009-07-06 03:39 . 2008-05-26 23:16 27784 ----a-w- h:\windows\system32\drivers\avgmfx86.sys
2009-06-30 07:53 . 2008-05-26 23:54 137888 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2009-06-30 07:53 . 2008-05-26 23:53 75064 ----a-w- h:\windows\system32\PnkBstrA.exe
2009-06-30 07:53 . 2008-05-26 23:54 189288 ----a-w- h:\windows\system32\PnkBstrB.exe
2009-06-23 19:25 . 2008-05-26 23:16 108552 ----a-w- h:\windows\system32\drivers\avgtdix.sys
2009-06-23 06:41 . 2008-06-05 17:19 -------- d-----w- h:\program files\Dl_cats
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\System32\NvCpl.dll" [2007-06-01 8429568]
"NvMediaCenter"="h:\windows\System32\NvMcTray.dll" [2007-06-01 81920]
"CTSVolFE.exe"="h:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"AVG8_TRAY"="h:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-06 1948440]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DLCICATS"="h:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"dlcimon.exe"="h:\program files\Dell AIO Printer 946\dlcimon.exe" [2007-01-12 435696]
"FaxCenterServer"="h:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"nwiz"="nwiz.exe" - h:\windows\system32\nwiz.exe [2008-05-03 1630208]
"SigmatelSysTrayApp"="stsystra.exe" - h:\windows\stsystra.exe [2006-03-20 282624]

h:\documents and settings\Stearns\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - h:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-06 03:39 11952 ----a-w- h:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"h:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\steamapps\\kung48fu\\counter-strike\\hl.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"h:\\Program Files\\XMPChat\\XMPChat Client.exe"=
"h:\\Program Files\\Xpress Mail\\Professional Editon\\XpressMailDesktopClient.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\WINDOWS\\system32\\dlcicoms.exe"=
"h:\\Program Files\\Dell AIO Printer 946\\DLCImon.exe"=
"h:\\Program Files\\Dell AIO Printer 946\\DLCIaiox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"h:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"h:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\kung48fu\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
"c:\\Program Files\\Steam\\steamapps\\killer1493\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R0 pavboot;pavboot;h:\windows\system32\drivers\pavboot.sys [6/7/2008 6:25 PM 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [5/26/2008 7:16 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [5/26/2008 7:16 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;h:\progra~1\AVG\AVG8\avgemc.exe [6/4/2008 5:50 PM 907032]
R2 avg8wd;AVG8 WatchDog;h:\progra~1\AVG\AVG8\avgwdsvc.exe [6/4/2008 5:50 PM 298776]
R2 dlci_device;dlci_device;h:\windows\system32\dlcicoms.exe -service --> h:\windows\system32\dlcicoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;h:\program files\Viewpoint\Common\ViewpointService.exe [8/4/2008 6:00 AM 24652]
S1 SASDIFSV;SASDIFSV;\??\h:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> h:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\h:\program files\SUPERAntiSpyware\SASKUTIL.sys --> h:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);h:\windows\system32\drivers\ctlsb16.sys [5/26/2008 3:12 PM 96256]
S3 MBAMCatchMe;MBAMCatchMe;\??\h:\windows\system32\drivers\mbamcatchme.sys --> h:\windows\system32\drivers\mbamcatchme.sys [?]
S3 SASENUM;SASENUM;\??\h:\program files\SUPERAntiSpyware\SASENUM.SYS --> h:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-Protection System - h:\program files\Protection System\psystem.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - h:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 13:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 h:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-21 13:18
ComboFix-quarantined-files.txt 2009-07-21 17:18

Pre-Run: 20,639,391,744 bytes free
Post-Run: 19,603,902,464 bytes free

309 --- E O F --- 2008-08-18 00:52

#13
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ok, can you now update and perform a Full Scan with Malwarebytes'? If yes, do so and remove everything that it found.. Post the log here and tell me how the computer is now :)

#14
Navy Seal
    Member
  • Topic Starter
  • 119 posts
Got Malwarebytes to run. It found and removed 10 files successfully. Computer has been running pretty good..not sure if it's fully clean. The log is posted below.



Malwarebytes' Anti-Malware 1.39
Database version: 2475
Windows 5.1.2600 Service Pack 2

7/22/2009 2:50:52 AM
mbam-log-2009-07-22 (02-50-35).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 269805
Time elapsed: 1 hour(s), 34 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
h:\Qoobox\quarantine\H\WINDOWS\system32\UACdligcramac.dll.vir (Trojan.TDSS) -> No action taken.
h:\Qoobox\quarantine\H\WINDOWS\system32\UACgayihxgexq.dll.vir (Trojan.TDSS) -> No action taken.
h:\Qoobox\quarantine\H\WINDOWS\system32\UACrklmmjfgah.dll.vir (Trojan.TDSS) -> No action taken.
h:\Qoobox\quarantine\H\WINDOWS\system32\UACtvstexahtw.dll.vir (Trojan.TDSS) -> No action taken.
h:\system volume information\_restore{b184aebd-3a2a-4feb-b209-3d796bd30f84}\RP299\A0019509.dll (Trojan.TDSS) -> No action taken.
h:\system volume information\_restore{b184aebd-3a2a-4feb-b209-3d796bd30f84}\RP299\A0019512.dll (Trojan.TDSS) -> No action taken.
h:\system volume information\_restore{b184aebd-3a2a-4feb-b209-3d796bd30f84}\RP299\A0019513.dll (Trojan.TDSS) -> No action taken.
h:\system volume information\_restore{b184aebd-3a2a-4feb-b209-3d796bd30f84}\RP299\A0019514.dll (Trojan.TDSS) -> No action taken.

#15
fenzodahl512
  • Malware Removal
  • 9,863 posts

Computer has been running pretty good..not sure if it's fully clean.


Let's verify that with another scanner :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
