Google Search Results Redirected

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Google Search Results Redirected, Unknown Cause, cannot boot safemode.

Options

Shizoku View Member Profile	Nov 30 2009, 12:41 AM Post #1
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	Hello, Lately when I click on a search result from google I'll be redirected to a questionable site, and it will continue loading additional sites in the same window. I have run Malwarebytes Anti-malware, SAS, ComboFix, Rootrepeal, MGtools and SpywareDoctor with no luck. I ran all these programs in normal startup mode because when I try to start in safemode I get a blue screen. Stop: 0x0000007E (0xC0000005, 0x80537009, 0xF78BE508, 0xF78BE204) The only other problem with my computer is occasional blue screen (various stop errors) during playing 3D games. This problem started before the google problem and I've not detected any virus/spyware, updated all the drivers numerous times, and cleaned out my computer case with compressed air. I do not have the stop errors anymore but some messages were: IRQL_NOT_LESS_OR_EQUAL, BAD_POOL_CALLER, NTFS_FILE_SYSTEM and a few others I can't remember. I pretty much have given up on that issue, but thought I should mention it in case its linked. I use Windows XP Media Center, 2.0 AMD64x2 Processor, 2GB RAM. Problem occurs with yahoo and google in Firefox and Google Chrome. Thanks for your assistance. DDS (Ver_09-11-29.01) - NTFSx86 Run by Owner at 0:13:11.75 on 11/30/2009 Mon Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1918.1423 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\Apache\Apache 2.2\bin\httpd.exe C:\Program Files\Apache\Apache 2.2\bin\httpd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Owner.SHIZOKU\My Documents\Downloads\dds.scr C:\WINDOWS\system32\conime.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll TB: {00000000-0000-0000-0000-000000000000} - No File uRun: [Google Update] "c:\documents and settings\owner.shizoku\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe" mRun: [SoundMan] SOUNDMAN.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [Power2GoExpress] NA dPolicies-explorer: NoSetActiveDesktop = 1 (0x1) dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner.shizoku\start menu\programs\imvu\Run IMVU.lnk IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ctcive.ap.org/dana-cached/setup/JuniperSetupSP1.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner~1.shi\applic~1\mozilla\firefox\profiles\z106uuzy.default\ FF - plugin: c:\documents and settings\owner.shizoku\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-29 28552] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-29 207792] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024] R2 Apache2.2;Apache2.2;c:\program files\apache\apache 2.2\bin\httpd.exe [2007-9-5 24635] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-2-6 2789672] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-9-18 15656] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-29 112592] S2 WebrootSpySweeperService;Webroot Spy Sweeper ウェブルートスパイスウィーパーエンジン;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-29 359624] S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-29 1141712] =============== Created Last 30 ================ 2009-11-30 05:05:51 0 d-----w- c:\program files\Trend Micro 2009-11-30 02:43:39 0 d-----w- c:\documents and settings\owner.shizoku\DoctorWeb 2009-11-30 02:32:19 3720 ----a-w- c:\windows\system32\tmp.reg 2009-11-29 18:44:53 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-11-29 13:46:25 767952 ----a-w- c:\windows\BDTSupport.dll 2009-11-29 13:46:24 882 ----a-w- c:\windows\RegSDImport.xml 2009-11-29 13:46:24 880 ----a-w- c:\windows\RegISSImport.xml 2009-11-29 13:46:24 165840 ----a-w- c:\windows\PCTBDRes.dll 2009-11-29 13:46:24 1640400 ----a-w- c:\windows\PCTBDCore.dll 2009-11-29 13:46:24 149456 ----a-w- c:\windows\SGDetectionTool.dll 2009-11-29 13:46:24 131 ----a-w- c:\windows\IDB.zip 2009-11-29 13:46:24 1152444 ----a-w- c:\windows\UDB.zip 2009-11-29 13:45:40 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-11-29 13:45:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-11-29 13:45:34 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-11-29 13:45:34 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-11-29 13:45:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-11-29 13:45:34 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-11-29 13:45:27 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2009-11-29 13:45:27 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-11-29 13:45:20 0 d-----w- c:\program files\Spyware Doctor 2009-11-29 13:45:20 0 d-----w- c:\program files\common files\PC Tools 2009-11-29 13:45:20 0 d-----w- c:\docume~1\owner~1.shi\applic~1\PC Tools 2009-11-29 13:45:20 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools 2009-11-29 13:17:45 0 d-----w- c:\program files\MSSOAP 2009-11-29 13:17:12 1563008 ----a-w- c:\windows\WRSetup.dll 2009-11-29 13:17:12 0 d-----w- c:\program files\Webroot 2009-11-29 13:17:12 0 d-----w- c:\docume~1\owner~1.shi\applic~1\Webroot 2009-11-29 13:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot 2009-11-29 13:13:47 164 ----a-w- c:\windows\install.dat 2009-11-29 11:59:34 0 d-sha-r- C:\cmdcons 2009-11-29 11:54:59 77312 ----a-w- c:\windows\MBR.exe 2009-11-29 08:49:39 8350 ----a-w- c:\documents and settings\owner.shizoku\ncmd.cfxxe 2009-11-29 08:49:39 439 ----a-w- c:\documents and settings\owner.shizoku\rkill.reg 2009-11-29 08:49:39 236544 ----a-w- c:\documents and settings\owner.shizoku\pev.exe 2009-11-29 03:13:01 32768 ------w- c:\windows\system32\IJRMF.exe 2009-11-22 07:10:55 2255 ----a-w- c:\documents and settings\owner.shizoku\.recently-used.xbel 2009-11-06 17:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys 2009-11-06 17:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys 2009-11-06 17:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys 2009-11-04 18:08:24 0 d-----w- c:\program files\Wayward Gamers 2009-11-01 11:02:30 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-11-01 11:02:30 215920 ----a-w- c:\windows\system32\muweb.dll 2009-11-01 11:02:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2009-10-31 20:17:58 0 d-----w- c:\documents and settings\owner.shizoku\Contacts 2009-10-31 20:16:54 0 d-----w- c:\docume~1\alluse~1\applic~1\WindowsLiveInstaller 2009-10-31 18:25:09 0 d-----w- c:\program files\Messenger Plus! 4 2009-10-31 17:32:04 0 d-----w- c:\program files\Windows Journal Viewer 2009-10-31 16:18:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus! ==================== Find3M ==================== 2009-11-29 15:09:43 129291 ----a-w- C:\MGlogs.zip 2009-11-29 11:53:22 2385076 ----a-w- C:\MGtools.exe 2009-11-14 06:47:57 260608 ----a-w- c:\windows\PEV.exe 2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-09-04 21:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-09-04 21:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-09-04 21:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-09-04 21:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-09-04 21:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-09-04 21:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-09-04 21:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2008-09-08 18:56:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat ============= FINISH: 0:14:51.46 =============== Attached File(s) Attach.txt ( 11.14k ) Number of downloads: 9 root.txt ( 2.61k ) Number of downloads: 8

schrauber View Member Profile	Dec 13 2009, 11:27 AM Post #2
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

Shizoku View Member Profile	Dec 13 2009, 01:16 PM Post #3
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	Okay, I just ran DDS. Attached File(s) DDS.txt ( 14.3k ) Number of downloads: 6 Attach.txt ( 10.6k ) Number of downloads: 11

schrauber View Member Profile	Dec 14 2009, 01:26 PM Post #4
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hello, Shizoku and again Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. If you do not make a reply in 5 days, we will have to close your topic. You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

Shizoku View Member Profile	Dec 14 2009, 06:06 PM Post #5
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	Hi Tom, Here is the Gmer log. Shizoku GMER 1.0.15.15279 - http://www.gmer.net Rootkit scan 2009-12-14 18:03:42 Windows 5.1.2600 Service Pack 3 Running: 14dr0fh1.exe; Driver: C:\DOCUME~1\OWNER~1.SHI\LOCALS~1\Temp\ufrdypoc.sys ---- System - GMER 1.0.15 ---- SSDT 8A781E08 ZwAllocateVirtualMemory SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7E0BE52] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7DECCDE] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7DECED0] SSDT 8A74EA60 ZwCreateThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7E0C640] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7E0C8F4] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7E0AB44] SSDT 8A781E80 ZwQueueApcThread SSDT 8A7C27F0 ZwReadVirtualMemory SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7E0CD60] SSDT 8A7C25B8 ZwSetContextThread SSDT 8A74E0A8 ZwSetInformationKey SSDT 8A79A260 ZwSetInformationProcess SSDT 8A74EE50 ZwSetInformationThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7E0C112] SSDT 8A781268 ZwSuspendProcess SSDT 8A7C2540 ZwSuspendThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7DEC984] SSDT 8A74EEC8 ZwTerminateThread SSDT 8A7C2868 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504534 4 Bytes JMP 664E8A74 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB51C2380, 0x3DF545, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[1036] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0266000A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A7AEE40 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A647020 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) Device \Driver\Tcpip \Device\Ip 89A1E6E8 Device \Driver\Tcpip \Device\Tcp 89A1E6E8 Device \Driver\Tcpip \Device\Udp 89A1E6E8 Device \Driver\Tcpip \Device\RawIp 89A1E6E8 Device \Driver\Tcpip \Device\IPMULTICAST 89A1E6E8 AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device -> \Driver\atapi \Device\Harddisk0\DR0 8A627618 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1 Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436} Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86}@abakooacgjojdfljbhheenpibnehpdkopn 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86}@bbakooacgjojdfljbhgejchjjloeaeenmocc 0x61 0x61 0x00 0x00 ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ----

schrauber View Member Profile	Dec 16 2009, 12:17 PM Post #6
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Please go here and have a look how you can disable your security software. Please download ComboFix from here. * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper If you need help, see this link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays!** If I have helped you then please consider donating to continue the fight against malware

schrauber View Member Profile	Dec 17 2009, 02:08 PM Post #8
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Did you download a fresh copy of Combofix from the link I posted above? Please delete your copy from the desktop and download the fresh one. This post has been edited by schrauber: Dec 17 2009, 02:08 PM -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

schrauber View Member Profile	Dec 17 2009, 02:48 PM Post #10
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Looks better Please post back with a fresh Gmer logfile. This post has been edited by schrauber: Dec 17 2009, 02:49 PM -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

Shizoku View Member Profile	Dec 17 2009, 02:50 PM Post #11
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	The google thing is fixed, Thank you. I'll run the GMER scan now.

schrauber View Member Profile	Dec 17 2009, 03:03 PM Post #12
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Ok -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

Shizoku View Member Profile	Dec 17 2009, 05:28 PM Post #13
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	Okay, here is the new GMER log. Also, Safe Mode is working again. Edit: I got a blue screen while playing a game again. I was thinking overheating or video card... GMER 1.0.15.15279 - http://www.gmer.net Rootkit scan 2009-12-17 17:28:11 Windows 5.1.2600 Service Pack 3 Running: 14dr0fh1.exe; Driver: C:\DOCUME~1\OWNER~1.SHI\LOCALS~1\Temp\ufrdypoc.sys ---- System - GMER 1.0.15 ---- SSDT 8A6F8490 ZwAllocateVirtualMemory SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7DF9E52] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7DDACDE] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7DDAED0] SSDT 8A7760D8 ZwCreateThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7DFA640] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7DFA8F4] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7DF8B44] SSDT 8A75DDA0 ZwQueueApcThread SSDT 8A6F83A0 ZwReadVirtualMemory SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7DFAD60] SSDT 8A774088 ZwSetContextThread SSDT 8A773FA8 ZwSetInformationKey SSDT 8A75D860 ZwSetInformationProcess SSDT 8A774100 ZwSetInformationThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7DFA112] SSDT 8A760020 ZwSuspendProcess SSDT 8A75DE18 ZwSuspendThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7DDA984] SSDT 8A75F238 ZwTerminateThread SSDT 8A6F8418 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB61CA380, 0x3DF545, 0xE8000020] ? C:\KittyFix\catchme.sys The system cannot find the path specified. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A6F8328 IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A6F8230 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) Device \Driver\Tcpip \Device\Ip 89B446E8 Device \Driver\Tcpip \Device\Tcp 89B446E8 Device \Driver\Tcpip \Device\Udp 89B446E8 Device \Driver\Tcpip \Device\RawIp 89B446E8 Device \Driver\Tcpip \Device\IPMULTICAST 89B446E8 AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1 Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436} Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86}@abakooacgjojdfljbhheenpibnehpdkopn 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22F8741-669F-1B6D-E905-06669C0B4B86}@bbakooacgjojdfljbhgejchjjloeaeenmocc 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.15 ---- This post has been edited by Shizoku: Dec 18 2009, 12:13 PM

schrauber View Member Profile	Dec 18 2009, 01:39 PM Post #14
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Looks good Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system. Exit MBAM when done. Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

Shizoku View Member Profile	Dec 18 2009, 10:29 PM Post #15
New Member Group: Members Posts: 11 Joined: 30-November 09 Member No.: 409,710	Hello Tom Malwarebytes Log: Malwarebytes' Anti-Malware 1.42 Database version: 3392 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/18/2009 10:22:26 PM mbam-log-2009-12-18 (22-22-26).txt Scan type: Quick Scan Objects scanned: 116316 Time elapsed: 7 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) RSIT Log: Logfile of random's system information tool 1.06 (written by random/random) Run by Owner at 2009-12-18 22:25:04 Microsoft Windows XP Professional Service Pack 3 System drive C: has 75 GB (32%) free of 234 GB Total RAM: 1918 MB (59% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:25:08 PM, on 12/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\Apache\Apache 2.2\bin\httpd.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Apache\Apache 2.2\bin\httpd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\IceWarp\cal.exe C:\Program Files\IceWarp\control.exe C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe C:\Program Files\IceWarp\im.exe C:\Program Files\IceWarp\spam\commtouch\ctasd.exe C:\Program Files\IceWarp\pop3.exe C:\Program Files\IceWarp\smtp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner.SHIZOKU\My Documents\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Owner.exe O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.SHIZOKU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user') O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.SHIZOKU\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://.update.microsoft.com O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ctcive.ap.org/dana-cached/setup/JuniperSetupSP1.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache\Apache 2.2\bin\httpd.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: IceWarp GroupWare Server (IceWarpCalendar) - IceWarp Ltd. - C:\Program Files\IceWarp\cal.exe O23 - Service: IceWarp Web / RCP / FTP (IceWarpControl) - IceWarp Ltd. - C:\Program Files\IceWarp\control.exe O23 - Service: IceWarp IM / VoIP (IceWarpIM) - IceWarp Ltd. - C:\Program Files\IceWarp\im.exe O23 - Service: IceWarp POP3 / IMAP (IceWarpPOP3) - IceWarp Ltd. - C:\Program Files\IceWarp\pop3.exe O23 - Service: IceWarp SMTP (IceWarpSMTP) - IceWarp Ltd. - C:\Program Files\IceWarp\smtp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe O23 - Service: Webroot Spy Sweeper ?E?F?u???[?g ?X?p?C ?X?E?B?[?p?[ ?G?“?W?“ (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 10247 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3880739418-187157816-220240927-1006Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3880739418-187157816-220240927-1006UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280] {472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952] "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-26 90112] "Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648] "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-12 98304] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Documents and Settings\Owner.SHIZOKU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 133104] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:?ETorrent" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe::Enabled:Veoh Web Player " "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2009-12-18 22:25:04 ----D---- C:\rsit 2009-12-17 17:30:56 ----A---- C:\WINDOWS\ntbtlog.txt 2009-12-17 14:46:45 ----A---- C:\ComboFix.txt 2009-12-09 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-09 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-09 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-09 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-09 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-08 09:15:02 ----D---- C:\Program Files\IceWarp 2009-12-06 17:41:17 ----D---- C:\Program Files\Windows Journal Viewer 2009-12-03 03:00:44 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2009-12-03 03:00:38 ----D---- C:\Config.Msi 2009-12-02 18:49:39 ----A---- C:\WINDOWS\MAXLINK.INI 2009-12-02 18:49:27 ----D---- C:\Program Files\Common Files\ScanSoft Shared 2009-12-02 18:49:00 ----D---- C:\Program Files\ScanSoft 2009-12-02 18:47:54 ----D---- C:\Program Files\ArcSoft 2009-12-02 18:47:54 ----A---- C:\WINDOWS\PCDLIB32.DLL 2009-12-02 18:39:04 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ 2009-12-02 18:38:57 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information 2009-12-02 18:38:53 ----A---- C:\WINDOWS\system32\cnco160.dll 2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCL160.DLL 2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCI160.DLL 2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCC160.DLL 2009-12-02 18:38:48 ----HD---- C:\Program Files\CanonBJ 2009-12-02 09:53:47 ----A---- C:\WINDOWS\imsins.BAK 2009-11-30 00:05:51 ----D---- C:\Program Files\Trend Micro 2009-11-29 21:32:20 ----A---- C:\WINDOWS\system32\tmp.txt 2009-11-29 21:32:07 ----A---- C:\rapport.txt 2009-11-29 08:46:25 ----A---- C:\WINDOWS\BDTSupport.dll 2009-11-29 08:46:24 ----A---- C:\WINDOWS\SGDetectionTool.dll 2009-11-29 08:46:24 ----A---- C:\WINDOWS\PCTBDRes.dll 2009-11-29 08:46:24 ----A---- C:\WINDOWS\PCTBDCore.dll 2009-11-29 08:45:20 ----D---- C:\Program Files\Spyware Doctor 2009-11-29 08:45:20 ----D---- C:\Program Files\Common Files\PC Tools 2009-11-29 08:45:20 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\PC Tools 2009-11-29 08:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2009-11-29 08:17:45 ----D---- C:\Program Files\MSSOAP 2009-11-29 08:17:12 ----D---- C:\Program Files\Webroot 2009-11-29 08:17:12 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Webroot 2009-11-29 08:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot 2009-11-29 08:17:12 ----A---- C:\WINDOWS\WRSetup.dll 2009-11-29 06:59:48 ----A---- C:\Boot.bak 2009-11-29 06:59:34 ----RASHD---- C:\cmdcons 2009-11-29 06:54:59 ----A---- C:\WINDOWS\MBR.exe 2009-11-29 03:16:52 ----D---- C:\Program Files\Mozilla Firefox 2009-11-28 22:33:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-11-28 22:13:01 ----N---- C:\WINDOWS\system32\IJRMF.exe 2009-11-26 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$ 2009-11-26 03:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ ======List of files/folders modified in the last 1 months====== 2009-12-18 22:16:37 ----D---- C:\Program Files\Trillian 2009-12-18 22:14:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-18 22:14:30 ----D---- C:\WINDOWS\system32\drivers 2009-12-18 21:27:58 ----D---- C:\WINDOWS\Temp 2009-12-18 20:28:17 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-18 20:28:14 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt 2009-12-18 20:28:06 ----D---- C:\WINDOWS\Registration 2009-12-18 20:27:50 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\WTablet 2009-12-18 20:27:20 ----D---- C:\WINDOWS 2009-12-18 20:27:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-12-18 20:27:02 ----D---- C:\WINDOWS\Minidump 2009-12-18 12:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-18 03:01:33 ----SHD---- C:\WINDOWS\Installer 2009-12-18 03:01:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-12-18 03:01:32 ----D---- C:\WINDOWS\system32 2009-12-18 03:01:32 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-12-17 20:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek 2009-12-17 14:46:48 ----D---- C:\Qoobox 2009-12-17 14:37:54 ----A---- C:\WINDOWS\system.ini 2009-12-17 14:26:29 ----D---- C:\WINDOWS\AppPatch 2009-12-17 14:26:24 ----D---- C:\Program Files\Common Files 2009-12-17 14:20:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-17 12:43:03 ----D---- C:\Program Files\KParser 2009-12-17 12:39:07 ----RD---- C:\Program Files 2009-12-17 12:17:03 ----D---- C:\WINDOWS\Help 2009-12-17 12:16:00 ----HD---- C:\WINDOWS\inf 2009-12-17 12:15:50 ----D---- C:\WINDOWS\system32\CatRoot 2009-12-16 13:19:38 ----SHD---- C:\System Volume Information 2009-12-16 13:19:38 ----D---- C:\WINDOWS\system32\Restore 2009-12-09 22:54:07 ----A---- C:\WINDOWS\PEV.exe 2009-12-09 03:26:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-09 03:04:44 ----D---- C:\Program Files\Internet Explorer 2009-12-09 03:04:35 ----D---- C:\WINDOWS\ie8updates 2009-12-09 03:04:28 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-09 03:00:22 ----D---- C:\WINDOWS\Debug 2009-12-08 17:22:21 ----D---- C:\Program Files\Fraps 2009-12-02 18:58:55 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Canon 2009-12-02 18:49:36 ----D---- C:\WINDOWS\WinSxS 2009-12-02 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft 2009-12-02 18:47:54 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-02 18:47:28 ----D---- C:\Program Files\Canon 2009-12-02 18:38:56 ----D---- C:\WINDOWS\twain_32 2009-12-02 18:03:27 ----D---- C:\Program Files\msn 2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe 2009-11-29 10:09:43 ----D---- C:\MGtools 2009-11-29 07:14:39 ----D---- C:\WINDOWS\ERDNT 2009-11-29 06:59:49 ----RASH---- C:\boot.ini 2009-11-29 06:53:22 ----A---- C:\MGtools.exe 2009-11-29 03:38:45 ----D---- C:\WINDOWS\Prefetch 2009-11-29 03:15:40 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Mozilla 2009-11-28 22:33:03 ----D---- C:\Program Files\Google 2009-11-28 22:33:02 ----SD---- C:\WINDOWS\Tasks 2009-11-28 22:07:13 ----D---- C:\Program Files\Firefox ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-10-19 9336] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-10-19 9464] R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-10 12160] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-12 8552] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-26 3644800] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568] R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352] R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S3 catchme;catchme; \??\C:\KittyFix\catchme.sys [] S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336] R2 Apache2.2;Apache2.2; C:\Program Files\Apache\Apache 2.2\bin\httpd.exe [2007-09-05 24635] R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 IceWarpCalendar;IceWarp GroupWare Server; C:\Program Files\IceWarp\cal.exe [2009-12-08 2216280] R2 IceWarpControl;IceWarp Web / RCP / FTP; C:\Program Files\IceWarp\control.exe [2009-12-08 2728792] R2 IceWarpIM;IceWarp IM / VoIP; C:\Program Files\IceWarp\im.exe [2009-12-08 1817432] R2 IceWarpPOP3;IceWarp POP3 / IMAP; C:\Program Files\IceWarp\pop3.exe [2009-12-08 1916760] R2 IceWarpSMTP;IceWarp SMTP; C:\Program Files\IceWarp\smtp.exe [2009-12-08 1782104] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-05-12 172032] R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-26 2789672] R2 WebrootSpySweeperService;Webroot Spy Sweeper ウェブルートスパイスウィーパーエンジン; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240] S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL [] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-24 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-09-22 68096] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-05-17 98672] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-05-16 228208] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] -----------------EOF----------------- RSIT Info:* info.txt logfile of random's system information tool 1.06 2009-12-18 22:25:12 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-100000000002} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Apache HTTP Server 2.2.6-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC} ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 ASCOM Platform 4.1-->C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\INSTALL.LOG Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe" Audacity 1.3.8 (Unicode)-->"C:\Program Files\Audacity 1.3\unins000.exe" Browser Defender 2.0.6.11-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe" Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009 CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Combined Community Codec Pack 2009-09-09-->"C:\Program Files\CCCP\unins000.exe" Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC Drumsite 1.3 (demo)-->"C:\Program Files\Drumsite\Uninstall.exe" "C:\Program Files\Drumsite\install.log" DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Echo3G Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0E84F066-452E-4CCC-BA79-660C61B3DE71} FINAL FANTASY XI: Chains of Promathia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907} FINAL FANTASY XI: Rise of the Zilart-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE} FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD} FINAL FANTASY XI: Wings of the Goddess-->C:\Program Files\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409 FINAL FANTASY XI-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520} FL Studio 6-->C:\Program Files\Fruity Loops\uninstall.exe Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe" Free Mp3 Wma Converter V 1.4.0-->"C:\Program Files\Audio Converter\unins000.exe" GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Guitar Pro 5.0-->"C:\Program Files\Guitar Pro\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" IceWarp Server 10.0.4-->C:\Program Files\IceWarp\uninstall.exe /UNINSTALL Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} jv16 PowerTools 2009-->"C:\Program Files\jv16 PowerTools 2009\unins000.exe" KParser-->MsiExec.exe /I{E87380C6-A1E3-4EF1-91DF-82CD5800FB7C} Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5} MySQL Server 5.0-->MsiExec.exe /I{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9} Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PHP 5.2.5-->MsiExec.exe /I{00FA2C30-C2BB-45A2-B0C3-769541E8F6A2} PlayOnline Viewer and Tetra Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0} Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Quintessential Media Player-->"C:\Program Files\Quintessential Media Player\uninst.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe" Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sony Vegas Pro 8.0-->MsiExec.exe /X{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6} SoulSeek 157 NS 13b-->"C:\Program Files\Soulseek\uninstall.exe" Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782} Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe" Version 6.7.1-->"C:\Program Files\FFXIP\unins000.exe" VideoLAN VLC media player 0.8.5-->C:\Program Files\VLC\uninstall.exe Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /I{621AF8B2-75D2-4074-BA44-79178A617255} Windows Live Messenger-->MsiExec.exe /X{33F8EAD4-B6EC-498B-B487-696B973D1C0C} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: SHIZOKU Event Code: 20 Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Office XP Service Pack 3. Record Number: 90 Source Name: Windows Update Agent Time Written: 20091124030213.000000-300 Event Type: error User: Computer Name: SHIZOKU Event Code: 7034 Message: The MySQL service terminated unexpectedly. It has done this 1 time(s). Record Number: 65 Source Name: Service Control Manager Time Written: 20091123203000.000000-300 Event Type: error User: Computer Name: SHIZOKU Event Code: 7034 Message: The MySQL service terminated unexpectedly. It has done this 1 time(s). Record Number: 37 Source Name: Service Control Manager Time Written: 20091123132548.000000-300 Event Type: error User: Computer Name: SHIZOKU Event Code: 20 Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Office XP Service Pack 3. Record Number: 28 Source Name: Windows Update Agent Time Written: 20091123030153.000000-300 Event Type: error User: Computer Name: SHIZOKU Event Code: 7034 Message: The MySQL service terminated unexpectedly. It has done this 1 time(s). Record Number: 6 Source Name: Service Control Manager Time Written: 20091123021607.000000-300 Event Type: error User: =====Application event log===== Computer Name: SHIZOKU Event Code: 11402 Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance. Record Number: 2212 Source Name: MsiInstaller Time Written: 20091101070741.000000-240 Event Type: error User: SHIZOKU\Owner Computer Name: SHIZOKU Event Code: 12001 Message: The Messenger Sharing USN Journal Reader service started successfully. Record Number: 2190 Source Name: usnjsvc Time Written: 20091031161814.000000-240 Event Type: User: Computer Name: SHIZOKU Event Code: 1517 Message: Windows saved user SHIZOKU\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 2174 Source Name: Userenv Time Written: 20091031143529.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: SHIZOKU Event Code: 10005 Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , , Record Number: 2168 Source Name: MsiInstaller Time Written: 20091031132631.000000-240 Event Type: error User: SHIZOKU\Owner Computer Name: SHIZOKU Event Code: 10005 Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , , Record Number: 2167 Source Name: MsiInstaller Time Written: 20091031132631.000000-240 Event Type: error User: SHIZOKU\Owner ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PHP;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\The Gimp\GTK 2.0\bin "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2302 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "LANG"=C -----------------EOF-----------------

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides