Fake "Virus Attacks"

Started by kdo, May 31, 2010, 05:26:08 AM

kdo

Hello! All of a sudden Avast started to alert me of virus after virus, and I added them all to my chest. Then, I get popups saying that there's a Virus Infiltration and that I need to download a certain AntiVirus program. Then, when I try to open a program, it states that _____ is infected. Also, I would get porn site popups. x__x I didn't know what to do, so I downloaded and ran rkill from this forum. The viruses stopped, so then I downloaded what I needed to get help. Oh, and right as I'm typing this moment, I'm running Malwarebytes and Avast.


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/05/30 22:10
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8DAC0000   Size: 32768   File Visible: No   Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DAB5000   Size: 45056   File Visible: No   Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\Windows\system32\drivers\rootrepeal2.sys
Address: 0xAA3C9000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000   Size: 0   File Visible: No   Signed: -
Status: -

Name: spwq.sys
Image Path: C:\Windows\System32\Drivers\spwq.sys
Address: 0x80695000   Size: 995328   File Visible: No   Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4   Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1220   Status: Locked to the Windows API!

SSDT
-------------------
#: 334   Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0x8da16620

==EOF==


Logfile of random's system information tool 1.07 (written by random/random)
Run by Nguyet Nguen at 2010-05-30 22:17:40
Microsoft® Windows Vista™ Home Basic  Service Pack 2
System drive C: has 60 GB (43%) free of 140 GB
Total RAM: 2037 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Nguyet Nguen.job
C:\Windows\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2010-03-12 1328464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2007-03-16 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll [2009-06-08 82784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll [2009-06-08 82784]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2010-03-12 1328464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 857648]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-05-15 138008]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-05-15 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-05-15 133912]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"ECenter"=c:\dell\E-Center\EULALauncher.exe [2007-03-16 17920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-09 30192]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-06-24 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"BitTorrent DNA"=C:\Users\Nguyet Nguen\Program Files\DNA\btdna.exe [2009-11-12 323392]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Aim"=C:\Program Files\AIM\aim.exe [2010-03-08 3972440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"chdir.exe"=C:\Users\Nguyet Nguen\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\chdir.exe [2009-11-22 22016]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-25 2397424]
"wxdcsjee"=C:\Users\Nguyet Nguen\AppData\Local\sbyyflsmr\fxjqlkktssd.exe [2010-05-30 390912]
"asam"=C:\Users\Nguyet Nguen\AppData\Local\asam.exe [2010-05-30 99584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Users\Nguyet Nguen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Users\Nguyet Nguen\AppData\Local\Temp\{E9EDF203-72FA-416D-B82F-C2C8C66D68A7}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-05-15 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77583357-c6b8-11de-9f6b-001c2394fc9a}]
shell\AutoRun\command - F:\Autorun.exe


======List of files/folders created in the last 1 months======

2010-05-30 22:13:50 ----D---- C:\Program Files\trend micro
2010-05-30 22:13:46 ----D---- C:\rsit
2010-05-30 22:12:06 ----A---- C:\RootRepeal report 05-30-10 (22-12-06).txt
2010-05-30 22:07:03 ----D---- C:\Windows\ERDNT
2010-05-30 22:06:27 ----D---- C:\Program Files\ERUNT
2010-05-30 21:56:43 ----A---- C:\mbam-error.txt
2010-05-30 21:12:13 ----D---- C:\ProgramData\Update
2010-05-30 21:11:35 ----D---- C:\Users\Nguyet Nguen\AppData\Roaming\D4455887C436A080E1FB952DA2120FC8
2010-05-30 00:08:20 ----D---- C:\ProgramData\Playrix Entertainment
2010-05-29 23:02:52 ----D---- C:\ProgramData\Sun
2010-05-29 23:02:03 ----A---- C:\Windows\system32\javaws.exe
2010-05-29 23:02:03 ----A---- C:\Windows\system32\javaw.exe
2010-05-29 23:02:03 ----A---- C:\Windows\system32\java.exe
2010-05-29 23:02:03 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-25 20:21:24 ----A---- C:\Windows\system32\tzres.dll
2010-05-12 22:29:20 ----D---- C:\Program Files\GIMP-2.0
2010-05-11 16:58:51 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-09 12:41:24 ----D---- C:\Users\Nguyet Nguen\AppData\Roaming\Facebook
2010-05-01 03:14:26 ----D---- C:\Program Files\Windows Portable Devices
2010-05-01 02:14:54 ----A---- C:\Windows\system32\UIAnimation.dll
2010-05-01 02:14:53 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-05-01 02:14:52 ----A---- C:\Windows\system32\UIRibbon.dll
2010-05-01 02:13:46 ----A---- C:\Windows\system32\WMPhoto.dll
2010-05-01 02:13:45 ----A---- C:\Windows\system32\cdd.dll
2010-05-01 02:13:42 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-05-01 02:13:42 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-05-01 02:13:42 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-05-01 02:13:42 ----A---- C:\Windows\system32\d3d10warp.dll
2010-05-01 02:13:41 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-05-01 02:13:41 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-05-01 02:13:41 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-05-01 02:13:41 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-05-01 02:13:41 ----A---- C:\Windows\system32\dxdiagn.dll
2010-05-01 02:13:41 ----A---- C:\Windows\system32\dxdiag.exe
2010-05-01 02:13:41 ----A---- C:\Windows\system32\d2d1.dll
2010-05-01 02:13:40 ----A---- C:\Windows\system32\xpsservices.dll
2010-05-01 02:13:40 ----A---- C:\Windows\system32\XpsPrint.dll
2010-05-01 02:13:40 ----A---- C:\Windows\system32\OpcServices.dll
2010-05-01 02:13:39 ----A---- C:\Windows\system32\FntCache.dll
2010-05-01 02:13:39 ----A---- C:\Windows\system32\DWrite.dll
2010-05-01 02:13:39 ----A---- C:\Windows\system32\d3d10level9.dll
2010-05-01 02:13:39 ----A---- C:\Windows\system32\d3d10core.dll
2010-05-01 02:13:39 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-05-01 02:13:38 ----A---- C:\Windows\system32\dxgi.dll
2010-05-01 02:13:38 ----A---- C:\Windows\system32\d3d11.dll
2010-05-01 02:13:38 ----A---- C:\Windows\system32\d3d10_1.dll
2010-05-01 02:13:38 ----A---- C:\Windows\system32\d3d10.dll
2010-05-01 02:12:39 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-05-01 02:12:38 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-05-01 02:12:38 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-05-01 02:12:28 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-05-01 02:12:22 ----A---- C:\Windows\system32\WpdMtpUS.dll
2010-05-01 02:12:22 ----A---- C:\Windows\system32\WpdConns.dll
2010-05-01 02:12:21 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-05-01 02:12:21 ----A---- C:\Windows\system32\wpdshext.dll
2010-05-01 02:12:21 ----A---- C:\Windows\system32\WpdMtp.dll
2010-05-01 02:12:21 ----A---- C:\Windows\system32\wpd_ci.dll
2010-05-01 02:12:21 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-05-01 02:12:20 ----A---- C:\Windows\system32\WPDSp.dll
2010-05-01 02:12:20 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-05-01 02:12:20 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-05-01 02:12:20 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-05-01 02:10:34 ----A---- C:\Windows\system32\oleaccrc.dll
2010-05-01 02:10:30 ----A---- C:\Windows\system32\oleacc.dll
2010-05-01 02:10:29 ----A---- C:\Windows\system32\UIAutomationCore.dll

======List of files/folders modified in the last 1 months======

2010-05-30 22:17:38 ----D---- C:\Windows\Temp
2010-05-30 22:13:50 ----D---- C:\Program Files
2010-05-30 22:12:41 ----D---- C:\Program Files\Mozilla Firefox
2010-05-30 22:11:05 ----D---- C:\Windows\system32\drivers
2010-05-30 22:07:03 ----D---- C:\Windows
2010-05-30 21:57:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-30 21:52:20 ----D---- C:\Windows\Prefetch
2010-05-30 21:45:15 ----D---- C:\Users\Nguyet Nguen\AppData\Roaming\DNA
2010-05-30 21:38:13 ----SHD---- C:\System Volume Information
2010-05-30 21:38:12 ----D---- C:\Windows\Logs
2010-05-30 21:12:13 ----HD---- C:\ProgramData
2010-05-30 01:09:50 ----AD---- C:\ProgramData\TEMP
2010-05-30 00:07:20 ----D---- C:\Program Files\Shockwave.com
2010-05-30 00:06:09 ----D---- C:\Windows\System32
2010-05-29 23:02:52 ----SHD---- C:\Windows\Installer
2010-05-29 23:02:49 ----D---- C:\Program Files\Common Files\Java
2010-05-29 23:01:59 ----D---- C:\Program Files\Java
2010-05-29 22:59:50 ----D---- C:\Windows\system32\catroot2
2010-05-26 20:47:36 ----D---- C:\Windows\rescache
2010-05-26 20:33:49 ----D---- C:\Windows\winsxs
2010-05-26 20:33:37 ----D---- C:\Windows\system32\en-US
2010-05-25 21:06:30 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-25 20:18:29 ----D---- C:\Windows\system32\catroot
2010-05-17 15:02:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-13 15:27:45 ----D---- C:\Users\Nguyet Nguen\AppData\Roaming\gtk-2.0
2010-05-12 16:51:22 ----D---- C:\Program Files\Windows Mail
2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-02 09:53:15 ----D---- C:\Windows\inf
2010-05-02 09:53:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-01 13:48:22 ----D---- C:\Windows\Microsoft.NET
2010-05-01 13:48:09 ----RSD---- C:\Windows\assembly
2010-05-01 09:07:03 ----D---- C:\Windows\system32\Tasks
2010-05-01 03:14:25 ----D---- C:\Windows\system32\wbem
2010-05-01 03:14:23 ----D---- C:\Windows\system32\uk-UA
2010-05-01 03:14:23 ----D---- C:\Windows\system32\sl-SI
2010-05-01 03:14:23 ----D---- C:\Windows\system32\pt-PT
2010-05-01 03:14:23 ----D---- C:\Windows\system32\pt-BR
2010-05-01 03:14:23 ----D---- C:\Windows\system32\pl-PL
2010-05-01 03:14:23 ----D---- C:\Windows\system32\ko-KR
2010-05-01 03:14:23 ----D---- C:\Windows\system32\it-IT
2010-05-01 03:14:23 ----D---- C:\Windows\system32\hu-HU
2010-05-01 03:14:23 ----D---- C:\Windows\system32\hr-HR
2010-05-01 03:14:23 ----D---- C:\Windows\system32\he-IL
2010-05-01 03:14:23 ----D---- C:\Windows\system32\bg-BG
2010-05-01 03:14:22 ----D---- C:\Windows\system32\zh-HK
2010-05-01 03:14:22 ----D---- C:\Windows\system32\nl-NL
2010-05-01 03:14:22 ----D---- C:\Windows\system32\fr-FR
2010-05-01 03:14:22 ----D---- C:\Windows\system32\el-GR
2010-05-01 03:14:21 ----D---- C:\Windows\system32\zh-TW
2010-05-01 03:14:21 ----D---- C:\Windows\system32\zh-CN
2010-05-01 03:14:21 ----D---- C:\Windows\system32\tr-TR
2010-05-01 03:14:21 ----D---- C:\Windows\system32\th-TH
2010-05-01 03:14:21 ----D---- C:\Windows\system32\sv-SE
2010-05-01 03:14:21 ----D---- C:\Windows\system32\sr-Latn-CS
2010-05-01 03:14:21 ----D---- C:\Windows\system32\sk-SK
2010-05-01 03:14:21 ----D---- C:\Windows\system32\ru-RU
2010-05-01 03:14:21 ----D---- C:\Windows\system32\ro-RO
2010-05-01 03:14:21 ----D---- C:\Windows\system32\nb-NO
2010-05-01 03:14:21 ----D---- C:\Windows\system32\lv-LV
2010-05-01 03:14:21 ----D---- C:\Windows\system32\lt-LT
2010-05-01 03:14:21 ----D---- C:\Windows\system32\ja-JP
2010-05-01 03:14:21 ----D---- C:\Windows\system32\fi-FI
2010-05-01 03:14:21 ----D---- C:\Windows\system32\et-EE
2010-05-01 03:14:21 ----D---- C:\Windows\system32\es-ES
2010-05-01 03:14:21 ----D---- C:\Windows\system32\de-DE
2010-05-01 03:14:21 ----D---- C:\Windows\system32\da-DK
2010-05-01 03:14:21 ----D---- C:\Windows\system32\cs-CZ
2010-05-01 03:14:21 ----D---- C:\Windows\system32\ar-SA
2010-05-01 03:14:20 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-25 67656]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-15 1674240]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-06-24 326656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-27 182456]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 a50flyi4;a50flyi4; C:\Windows\system32\drivers\a50flyi4.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2006-12-20 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-08-18 25280]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PD0620VID;Creative WebCam Instant; C:\Windows\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [2010-05-30 34816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-02-12 277784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-06-24 94208]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-09 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-05-30 22:13:58

======Uninstall list======

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AIM 7-->C:\Program Files\AIM\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Creative WebCam Instant Driver (1.01.02.0729)-->C:\Windows\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Dream Day Wedding™-->C:\PROGRA~1\SHOCKW~1.COM\DREAMD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DREAMD~1\INSTALL.LOG
EA Download Manager UI-->msiexec /qb /x {C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EA Download Manager UI-->MsiExec.exe /I{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\hpzscr01.exe -datfile hphscr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Miriel the Magical Merchant-->C:\PROGRA~1\SHOCKW~1.COM\MIRIEL~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\MIRIEL~1\INSTALL.LOG
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{893FC88E-70C1-409D-AF31-9E8D9441B0D8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.0.52\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Prima Games Eguide Database-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{f1ac566c-847c-49c0-a41c-d4d91d71972e}.sdb"
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Registry Easy v5.6-->"C:\Program Files\Registry Easy\unins000.exe"
Required-->C:\Windows\iun6002.exe "C:\Program Files\Required\irunin.ini"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Royal Envoy™-->C:\PROGRA~1\SHOCKW~1.COM\ROYALE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ROYALE~1\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sony Vegas 7.0-->MsiExec.exe /X{EC6BAAC5-F5E0-48D4-B4B6-7C654DD54086}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinVNKey-->MsiExec.exe /I{45D98E28-4375-46AC-816E-0C09C9732D2E}
Wisdom-soft AutoScreenRecorder 3.0 Free-->C:\PROGRA~1\WISDOM~2\UNWISE.EXE C:\PROGRA~1\WISDOM~2\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 100530-1]
AS: Windows Defender (disabled)
AS: SUPERAntiSpyware
AS: avast! antivirus 4.8.1229 [VPS 100530-1]

======System event log======

Computer Name: NguyetNguyen-PC
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 280212
Source Name: bcm4sbxp
Time Written: 20091229063149.159600-000
Event Type: Warning
User:

Computer Name: NguyetNguyen-PC
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 4 seconds since the last report.
Record Number: 280204
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20091228204125.146000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NguyetNguyen-PC
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 4 seconds since the last report.
Record Number: 280203
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20091228204125.146000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NguyetNguyen-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 280157
Source Name: Service Control Manager
Time Written: 20091228201210.000000-000
Event Type: Error
User:

Computer Name: NguyetNguyen-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.
Record Number: 280088
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091228201027.110587-000
Event Type: Error
User:

=====Application event log=====

Computer Name: NguyetNguyen-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 280190
Source Name: SideBySide
Time Written: 20081130232234.000000-000
Event Type: Error
User:

Computer Name: NguyetNguyen-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 280189
Source Name: SideBySide
Time Written: 20081130232227.000000-000
Event Type: Error
User:

Computer Name: NguyetNguyen-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 280188
Source Name: SideBySide
Time Written: 20081130232220.000000-000
Event Type: Error
User:

Computer Name: NguyetNguyen-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 280187
Source Name: SideBySide
Time Written: 20081130232213.000000-000
Event Type: Error
User:

Computer Name: NguyetNguyen-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 280186
Source Name: SideBySide
Time Written: 20081130232206.000000-000
Event Type: Error
User:


kdo

After Malwarebytes finished scanning, I restarted the laptop, and to my surprise, it seems like its old self now! No more virus?  :) I hope that's the case. Is there anything else I must do?

Malwarebytes Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/30/2010 10:27:26 PM
mbam-log-2010-05-30 (22-27-26).txt

Scan type: Quick scan
Objects scanned: 124184
Time elapsed: 17 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxdcsjee (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nguyet Nguen\AppData\Local\asam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nguyet Nguen\AppData\Local\Temp\gmfrxpgv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nguyet Nguen\AppData\Local\Temp\TMPBC6F.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Nguyet Nguen\AppData\Local\Temp\PRAGMAc870.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Nguyet Nguen\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nguyet Nguen\AppData\Local\sbyyflsmr\fxjqlkktssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.


Corrine

Hi, kdo.

Welcome to Landzdown Forum!

You have at least one outdated, vulnerable piece of software on your computer -- Adobe Reader 7.1.0. You need to install the latest version of Adobe Reader, available from http://www.adobe.com/products/reader/.

To check if your system is missing security updates or has other insecure applications installed, visit http://secunia.com/software_inspector/. The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Let us know if you have further problems.

