Infected with Virtumonde, rootkit, trojan.BHI, AdAware


This topic is locked
18 replies to this topic

#1 nasatopgun


  • Members
  • 11 posts

Posted 20 December 2008 - 04:35 AM

Hi,

Here is the RSIT log and info.

log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chandransu Choudhury at 2008-12-20 01:25:58
Microsoft Windows XP Professional Service Pack 2
System drive F: has 186 GB (65%) free of 286 GB
Total RAM: 1023 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:08 AM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
F:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
F:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
F:\Program Files\Network Associates\VirusScan\mcshield.exe
F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\dvd43\dvd43_tray.exe
F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
F:\WINDOWS\system32\RunDLL32.exe
F:\Program Files\CyberLink\PowerCinema\PCMService.exe
F:\WINDOWS\Mixer.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\RunDLL32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\SUPERAntiSpyware\36345d38-1f79-402e-b345-404e007f8fc3.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\WINDOWS\system32\rundll32.exe
F:\WlanUtility\tiwlan.exe
F:\Program Files\internet explorer\iexplore.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\SoftwareDistribution\Download\11594e7b94fdf4fa05f80f796f4cd691\update\update.exe
F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temporary Internet Files\Content.IE5\DNG04560\RSIT[1].exe
F:\Program Files\Trend Micro\HijackThis\Chandransu Choudhury.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCMService] "F:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [OfotoNow USB Detection] F:\WINDOWS\system32\RunDLL32.exe F:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\36345d38-1f79-402e-b345-404e007f8fc3.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] F:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180920327956
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/softwar...geUploader4.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !saswinlogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - F:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9103 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\At1.job
F:\WINDOWS\tasks\At10.job
F:\WINDOWS\tasks\At11.job
F:\WINDOWS\tasks\At12.job
F:\WINDOWS\tasks\At13.job
F:\WINDOWS\tasks\At14.job
F:\WINDOWS\tasks\At15.job
F:\WINDOWS\tasks\At16.job
F:\WINDOWS\tasks\At17.job
F:\WINDOWS\tasks\At18.job
F:\WINDOWS\tasks\At19.job
F:\WINDOWS\tasks\At2.job
F:\WINDOWS\tasks\At20.job
F:\WINDOWS\tasks\At21.job
F:\WINDOWS\tasks\At22.job
F:\WINDOWS\tasks\At23.job
F:\WINDOWS\tasks\At24.job
F:\WINDOWS\tasks\At3.job
F:\WINDOWS\tasks\At4.job
F:\WINDOWS\tasks\At5.job
F:\WINDOWS\tasks\At6.job
F:\WINDOWS\tasks\At7.job
F:\WINDOWS\tasks\At8.job
F:\WINDOWS\tasks\At9.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{158E40EB-1615-4DFE-BB55-D75DD7A343CD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"dvd43"=F:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]
"ShStatEXE"=F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]
"McAfeeUpdaterUI"=F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-10-06 139320]
"NvMediaCenter"=F:\WINDOWS\system32\NvMCTray.dll [2006-08-11 86016]
"PCMService"=F:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-05-23 127118]
"C-Media Mixer"=Mixer.exe /startup []
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NeroFilterCheck"=F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 1265296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfotoNow USB Detection"=F:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL [2002-11-05 77824]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"WMPNSCFG"=F:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"H/PC Connection Agent"=F:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SUPERAntiSpyware"=F:\Program Files\SUPERAntiSpyware\36345d38-1f79-402e-b345-404e007f8fc3.exe [2008-12-04 1809648]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"HijackThis startup scan"=F:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2008-12-13 396288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\Google\Google Talk\googletalk.exe"="F:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"F:\Program Files\Common Files\AOL\Loader\aolload.exe"="F:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"F:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="F:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="F:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"F:\Program Files\utorrent\utorrent.exe"="F:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent"
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Program Files\SopCast\SopCast.exe"="F:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"F:\Program Files\SopCast\adv\SopAdver.exe"="F:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"F:\Program Files\Cisco Systems\Cisco Unified Video Advantage\VideoAdvantage.exe"="F:\Program Files\Cisco Systems\Cisco Unified Video Advantage\VideoAdvantage.exe:*:Enabled:Cisco Unified Video Advantage"
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe"="F:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\Program Files\Microsoft ActiveSync\wcescomm.exe"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="F:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\Program Files\Microsoft Money Plus\MNYCoreFiles\msmoney.exe"="F:\Program Files\Microsoft Money Plus\MNYCoreFiles\msmoney.exe:*:Enabled:Money Plus"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\MSN Messenger\msncall.exe"="F:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"F:\Program Files\MSN Messenger\msnmsgr.exe"="F:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\Program Files\MSN Messenger\livecall.exe"="F:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\Program Files\Cisco Systems\Cisco Unified Video Advantage\VideoAdvantage.exe"="F:\Program Files\Cisco Systems\Cisco Unified Video Advantage\VideoAdvantage.exe:*:Enabled:Cisco Unified Video Advantage"
"F:\Program Files\Microsoft ActiveSync\rapimgr.exe"="F:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\Program Files\Microsoft ActiveSync\wcescomm.exe"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="F:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2008-12-20 01:25:58 ----D---- F:\rsit
2008-12-20 01:25:43 ----D---- F:\WINDOWS\LastGood
2008-12-20 00:03:20 ----A---- F:\yppyncya.txt
2008-12-19 19:59:48 ----D---- F:\C_DIR
2008-12-19 00:54:11 ----D---- F:\Program Files\Spybot - Search & Destroy
2008-12-19 00:54:11 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 23:56:31 ----SHD---- F:\RECYCLER
2008-12-17 15:12:16 ----A---- F:\ComboFix.txt
2008-12-17 15:04:57 ----D---- F:\WINDOWS\temp
2008-12-17 14:59:55 ----A---- F:\Boot.bak
2008-12-17 14:59:41 ----RASHD---- F:\cmdcons
2008-12-17 14:58:16 ----A---- F:\WINDOWS\zip.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\VFIND.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\SWXCACLS.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\SWSC.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\SWREG.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\sed.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\NIRCMD.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\grep.exe
2008-12-17 14:58:16 ----A---- F:\WINDOWS\fdsv.exe
2008-12-17 14:58:11 ----D---- F:\WINDOWS\ERDNT
2008-12-17 14:58:11 ----D---- F:\Qoobox
2008-12-13 19:47:10 ----D---- F:\Documents and Settings\Chandransu Choudhury\Application Data\Malwarebytes
2008-12-13 11:37:07 ----D---- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-13 11:36:26 ----D---- F:\Program Files\SUPERAntiSpyware
2008-12-13 11:36:26 ----D---- F:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com
2008-12-13 11:36:11 ----D---- F:\Program Files\Common Files\Wise Installation Wizard
2008-12-13 04:53:16 ----D---- F:\Documents and Settings\Chandransu Choudhury\Application Data\GlarySoft
2008-12-13 04:47:36 ----D---- F:\Program Files\Glary Registry Repair
2008-12-13 04:14:29 ----D---- F:\VundoFix Backups
2008-12-13 04:14:29 ----A---- F:\VundoFix.txt
2008-12-13 02:37:43 ----D---- F:\Program Files\Trend Micro
2008-12-13 02:28:59 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2008-12-13 02:28:59 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-13 02:11:17 ----D---- F:\WINDOWS\Prefetch
2008-12-13 01:09:58 ----D---- F:\Program Files\CCleaner
2008-12-12 23:57:38 ----A---- F:\WINDOWS\system32\bffce610-.txt
2008-12-12 21:44:34 ----D---- F:\WINDOWS\system32\IOSUBSYS
2008-12-12 21:11:12 ----D---- F:\Program Files\Windows Mobile Device Handbook
2008-12-11 22:03:12 ----HDC---- F:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 22:03:06 ----HDC---- F:\WINDOWS\$NtUninstallKB955839$
2008-12-11 21:59:19 ----HDC---- F:\WINDOWS\$NtUninstallKB954600$
2008-12-11 21:59:07 ----HDC---- F:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2008-12-20 01:25:52 ----HD---- F:\WINDOWS\inf
2008-12-20 01:25:46 ----HD---- F:\WINDOWS\$hf_mig$
2008-12-20 01:25:43 ----D---- F:\WINDOWS
2008-12-20 01:22:17 ----D---- F:\WINDOWS\system32\CatRoot2
2008-12-20 01:04:56 ----SHD---- F:\WINDOWS\Installer
2008-12-20 01:04:55 ----D---- F:\WINDOWS\WinSxS
2008-12-20 01:04:37 ----SHD---- F:\Config.Msi
2008-12-20 01:04:30 ----D---- F:\Program Files\Adobe
2008-12-20 01:03:53 ----D---- F:\WINDOWS\system32
2008-12-20 01:03:17 ----RD---- F:\Program Files
2008-12-20 01:02:40 ----D---- F:\Program Files\DVDFab Decrypter
2008-12-20 01:00:17 ----D---- F:\Program Files\Common Files
2008-12-20 00:03:20 ----D---- F:\WINDOWS\system32\drivers
2008-12-19 22:24:11 ----N---- F:\WINDOWS\SchedLgU.Txt
2008-12-19 01:27:11 ----D---- F:\WINDOWS\system32\CatRoot_bak
2008-12-19 01:27:11 ----D---- F:\WINDOWS\system32\CatRoot
2008-12-18 23:28:12 ----D---- F:\Program Files\Windows Live Toolbar
2008-12-18 23:27:47 ----SD---- F:\WINDOWS\Tasks
2008-12-18 23:23:32 ----D---- F:\Program Files\MyPublisher
2008-12-18 23:22:56 ----D---- F:\Program Files\MagicISO
2008-12-18 23:12:43 ----D---- F:\Program Files\Common Files\Real
2008-12-18 23:12:42 ----D---- F:\Program Files\Real
2008-12-18 23:12:05 ----D---- F:\Documents and Settings\Chandransu Choudhury\Application Data\Real
2008-12-18 23:03:50 ----HD---- F:\Program Files\InstallShield Installation Information
2008-12-18 22:57:20 ----D---- F:\Program Files\Google
2008-12-18 22:57:18 ----D---- F:\Documents and Settings\All Users\Application Data\Google
2008-12-18 17:14:22 ----RSHDC---- F:\WINDOWS\system32\dllcache
2008-12-17 15:07:28 ----A---- F:\WINDOWS\system.ini
2008-12-17 15:05:17 ----D---- F:\WINDOWS\system32\config
2008-12-17 15:04:26 ----D---- F:\WINDOWS\AppPatch
2008-12-17 14:59:55 ----RASH---- F:\boot.ini
2008-12-13 05:03:16 ----D---- F:\WINDOWS\system32\en-US
2008-12-13 05:03:16 ----D---- F:\WINDOWS\Media
2008-12-13 05:03:16 ----D---- F:\WINDOWS\Help
2008-12-13 05:03:15 ----D---- F:\Program Files\Internet Explorer
2008-12-13 04:44:06 ----D---- F:\Program Files\Mozilla Firefox
2008-12-13 04:32:10 ----D---- F:\Program Files\CA Yahoo! Anti-Spy
2008-12-13 02:20:08 ----A---- F:\WINDOWS\win.ini
2008-12-13 02:19:26 ----D---- F:\Program Files\878
2008-12-13 01:24:33 ----D---- F:\Program Files\CyberLink
2008-12-13 01:18:30 ----D---- F:\WINDOWS\Debug
2008-12-13 01:18:26 ----D---- F:\WINDOWS\Minidump
2008-12-13 00:41:34 ----D---- F:\Documents and Settings\Chandransu Choudhury\Application Data\Yahoo!
2008-12-13 00:41:34 ----D---- F:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-13 00:41:19 ----D---- F:\Program Files\Yahoo!
2008-12-13 00:31:32 ----D---- F:\Program Files\PhotoAcute
2008-12-13 00:31:18 ----D---- F:\Program Files\PhotoRemedy Phone
2008-12-13 00:30:35 ----D---- F:\WINDOWS\system32\appmgmt
2008-12-13 00:00:54 ----D---- F:\WINDOWS\uninstall
2008-12-12 23:59:30 ----D---- F:\Program Files\SatelliteTVforPC
2008-12-12 23:04:44 ----A---- F:\WINDOWS\NeroDigital.ini
2008-12-11 22:04:01 ----D---- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 15:24:37 ----A---- F:\WINDOWS\system32\MRT.exe
2008-11-27 19:55:10 ----D---- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-21 00:07:36 ----D---- F:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; F:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 PCLEPCI;PCLEPCI; \??\F:\WINDOWS\system32\drivers\pclepci.sys []
R1 sasdifsv;SASDIFSV; \??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 BT848;Conexant's BtPCI WDM Video Capture; F:\WINDOWS\system32\DRIVERS\BT848.sys [2006-11-23 371349]
R2 MASPINT;MASPINT; F:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver; F:\WINDOWS\system32\DRIVERS\ndiscdp.sys [2007-12-05 20400]
R3 cmpci;C-Media PCI Audio Driver (WDM); F:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 dvd43llh;dvd43llh; F:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2006-08-24 18816]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; F:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NaiAvFilter1;NaiAvFilter1; F:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-18 108256]
R3 nv;nv; F:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 odysseyIM3;Odyssey Network Services Miniport; F:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-02-04 62865]
R3 sasenum;SASENUM; \??\F:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 TNET1130;802.11 WLAN; F:\WINDOWS\System32\DRIVERS\tnet1130.sys [2004-06-17 386688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; F:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 BTXBAR;Conexant BT878 Crossbar; F:\WINDOWS\system32\drivers\CXXBAR.sys [2004-07-01 9472]
S2 CXTUNER;Conexant BT878 Tuner; F:\WINDOWS\system32\drivers\CXTUNER.sys [2004-07-01 28032]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); F:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-05-09 1075360]
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda3;Xtreme Sound PCI Audio Interface; F:\WINDOWS\system32\drivers\cmuda3.sys [2005-12-06 1355456]
S3 cvpopflt;Cisco POP Suppression Filter; F:\WINDOWS\system32\DRIVERS\cvpopflt.sys [2007-05-09 1507104]
S3 CVUVC;Cisco VT Camera II(UVC); F:\WINDOWS\system32\DRIVERS\cvuvc.sys [2007-05-09 1924128]
S3 cvuvcflt;UVC Filter Service (Cisco); F:\WINDOWS\system32\DRIVERS\cvuvcflt.sys [2007-05-09 22432]
S3 Icam4USB;Intel PC Camera Pro; F:\WINDOWS\System32\Drivers\Icam4USB.sys [2001-12-03 160640]
S3 LVUSBSta;Logitech USB Monitor Filter; F:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; F:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; F:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); F:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 wceusbsh;Windows CE USB Serial Host Driver; F:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NaiAvTdi1;NaiAvTdi1; F:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 58016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-05-23 221281]
R2 CLSched;CyberLink Task Scheduler (CTS); F:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-05-23 110687]
R2 CyberLink Media Library Service;CyberLink Media Library Service; F:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-23 61440]
R2 McAfeeFramework;McAfee Framework Service; F:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-10-06 102463]
R2 McShield;Network Associates McShield; F:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-08-18 221191]
R2 McTaskManager;Network Associates Task Manager; F:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-08-18 28672]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); F:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-10 196708]
R2 WMDM PMSP Service;WMDM PMSP Service; F:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 138168]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-29 779824]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt:
info.txt logfile of random's system information tool 1.05 2008-12-20 01:26:11

======Uninstall list======

-->F:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->F:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->F:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
878 WDM Drivers-->F:\WINDOWS\c7xunist.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AviSynth 2.5-->"F:\Program Files\AviSynth 2.5\Uninstall.exe"
CA Yahoo! Anti-Spy (remove only)-->"F:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon Camera Window for ZoomBrowser EX-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon PhotoRecord-->F:\WINDOWS\IsUninst.exe -fF:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"F:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot G3 WIA Driver-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}
Canon Utilities FileViewerUtility 1.0-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities RemoteCapture 2.6-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
Cisco Unified Video Advantage-->MsiExec.exe /X{12AAA33E-36A2-4D97-96BA-3DF2760D1448}
Cisco VT Camera Driver-->MsiExec.exe /X{B232CC8B-A796-4944-9ABF-00B06E58124D}
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD43 v3.9.0-->"F:\Program Files\dvd43\unins000.exe"
Garmin Communicator Plugin-->MsiExec.exe /X{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}
Glary Registry Repair 3.0-->"F:\Program Files\Glary Registry Repair\unins000.exe"
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"F:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"F:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"F:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"F:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"F:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"F:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"F:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"F:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"F:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iPod for Windows 2006-03-23-->F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}
iPod for Windows 2006-06-28-->F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"F:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"F:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"F:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\DECCHECK.inf,Uninstall
MicroStaff WINASPI-->F:\MWASPI\uninst.exe
MOTO Q 9h Device Handbook-->F:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /I{37FCE36B-D082-41BE-847E-B63707251033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->F:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoNow-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2875A5F5-E613-4F99-9B47-8882C9DD24A5}\Setup.exe" -l0x9 anything
PCI Audio Driver-->cmuninst.exe
Picasa 3-->"F:\Program Files\Google\Picasa3\Uninstall.exe"
PowerCinema 4.0-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerDirector-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB928090)-->"F:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"F:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"F:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"F:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"F:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"F:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"F:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"F:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"F:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"F:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"F:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"F:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"F:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"F:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"F:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"F:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"F:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"F:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"F:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"F:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"F:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"F:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"F:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"F:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"F:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"F:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"F:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"F:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"F:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"F:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"F:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"F:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"F:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"F:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"F:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"F:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"F:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"F:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"F:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"F:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"F:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"F:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"F:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"F:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"F:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"F:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"F:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"F:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"F:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"F:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"F:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"F:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"F:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"F:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"F:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"F:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"F:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"F:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"F:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"F:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"F:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"F:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"F:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"F:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"F:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"F:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"F:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"F:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"F:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"F:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"F:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"F:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"F:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"F:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"F:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"F:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"F:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"F:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"F:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"F:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"F:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"F:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"F:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"F:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"F:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"F:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"F:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"F:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"F:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"F:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"F:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"F:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"F:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"F:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"F:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"F:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"F:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"F:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"F:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"F:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"F:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"F:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"F:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"F:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"F:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"F:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"F:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"F:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"F:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"F:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Treo 750v User Guide-->MsiExec.exe /X{321A5AF2-1480-4BBF-B737-9B5E3D5591FA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB894391)-->"F:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"F:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"F:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"F:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"F:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"F:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"F:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"F:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"F:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"F:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"F:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"F:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"F:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"F:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"F:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"F:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"F:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"F:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"F:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"F:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"F:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"F:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"F:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Driver Package - Logitech (CamDrL) Image (05/09/2007 10.5.1.1200)-->rundll32.exe F:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage F:\WINDOWS\system32\DRVSTORE\lvCSCOv_8BBAC278533E79BBF2B0A239B05ACC7BE8315535\lvCSCOv.inf
Windows Driver Package - Logitech MEDIA (05/09/2007 10.5.1.1200)-->rundll32.exe F:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage F:\WINDOWS\system32\DRVSTORE\lvCSCOs_4C9C84C6D0180241007E689AC6A4D87C2743CEB3\lvCSCOs.inf
Windows Driver Package - Logitech USB (05/09/2007 10.5.1.1200)-->rundll32.exe F:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage F:\WINDOWS\system32\DRVSTORE\lvCSCOc_E447D4D00F518B461245AB116CE00747F83BAADB\lvCSCOc.inf
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"F:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect-->"F:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->F:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->F:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->F:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->F:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->F:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->F:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->F:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->F:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->F:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"F:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->F:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->F:\Program Files\WinRAR\uninstall.exe
WlanUtility-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\setup.exe" -l0x9
Xtreme Sound PCI-->F:\WINDOWS\CmiPCIUninstall.exe F:\Program Files\Xtreme Sound PCI#C-Media PCI Audio#Xtreme Sound PCI#

=====HijackThis Backups=====

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O8 - Extra context menu item: &AOL Toolbar search - res://F:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll

System event log

Computer Name: CHANDRANSU-NEW
Event Code: 7035
Message: The iPod Service service was successfully sent a start control.

Record Number: 41040
Source Name: Service Control Manager
Time Written: 20081003124815.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CHANDRANSU-NEW
Event Code: 7036
Message: The NMIndexingService service entered the running state.

Record Number: 41039
Source Name: Service Control Manager
Time Written: 20081003124815.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 7035
Message: The NMIndexingService service was successfully sent a start control.

Record Number: 41038
Source Name: Service Control Manager
Time Written: 20081003124815.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CHANDRANSU-NEW
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 41037
Source Name: Service Control Manager
Time Written: 20081003124815.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 41036
Source Name: Service Control Manager
Time Written: 20081003124815.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: CHANDRANSU-NEW
Event Code: 0
Message:
Record Number: 16296
Source Name: iPod Service
Time Written: 20080501112331.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 0
Message:
Record Number: 16295
Source Name: NMIndexingService
Time Written: 20080501112330.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 16294
Source Name: SecurityCenter
Time Written: 20080501112310.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 0
Message:
Record Number: 16293
Source Name: CLSched
Time Written: 20080501112301.000000-420
Event Type: information
User:

Computer Name: CHANDRANSU-NEW
Event Code: 105
Message: The service was started.

Record Number: 16292
Source Name: WMDM PMSP Service
Time Written: 20080501112300.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\Program Files\Common Files\Roxio Shared\DLLShared;F:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

I also posted the other details here: http://www.bleepingcomputer.com/forums/t/187926/pc-infected-with-several-malware/

Need your help in cleaning my PC

Thanks!!!

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 21 December 2008 - 09:34 AM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 21 December 2008 - 06:23 PM

Hi Sam,

Thanks!!!

Here is the SDFix Report:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SDFix: Version 1.240
Run by Chandransu Choudhury on Sun 12/21/2008 at 02:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: F:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Google\\Google Talk\\googletalk.exe"="F:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"F:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="F:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="F:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
"F:\\Program Files\\utorrent\\utorrent.exe"="F:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\\Program Files\\SopCast\\SopCast.exe"="F:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"F:\\Program Files\\SopCast\\adv\\SopAdver.exe"="F:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"F:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"="F:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe:*:Enabled:Cisco Unified Video Advantage"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\\Program Files\\Microsoft Money Plus\\MNYCoreFiles\\msmoney.exe"="F:\\Program Files\\Microsoft Money Plus\\MNYCoreFiles\\msmoney.exe:*:Enabled:Money Plus"
"F:\\Program Files\\iTunes\\iTunes.exe"="F:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\MSN Messenger\\msncall.exe"="F:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"="F:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe:*:Enabled:Cisco Unified Video Advantage"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :



Files with Hidden Attributes :

Fri 24 Nov 2006 8 ..SHR --- "F:\WINDOWS\system32\42D8433671.sys"
Fri 24 Nov 2006 4,704 A.SH. --- "F:\WINDOWS\system32\KGyGaAvL.sys"
Sun 9 Jul 2006 4,348 ..SH. --- "F:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 11 Dec 2008 7,829,056 A..H. --- "F:\Program Files\Google\Picasa3\setup.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "F:\RECYCLER\S-1-5-21-1229272821-2000478354-839522115-1003\Df3\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "F:\RECYCLER\S-1-5-21-1229272821-2000478354-839522115-1003\Df3\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "F:\RECYCLER\S-1-5-21-1229272821-2000478354-839522115-1003\Df3\Tools.dll"
Sun 4 Feb 2007 0 A.SH. --- "F:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 9 Jul 2006 4,348 A..H. --- "F:\Documents and Settings\Chandransu Choudhury\My Documents\My Music\License Backup\drmv1key.bak"
Sun 9 Jul 2006 20 A..H. --- "F:\Documents and Settings\Chandransu Choudhury\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 8 Nov 2005 312 A.SH. --- "F:\Documents and Settings\Chandransu Choudhury\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

When I run my Malwarebytes' Anti-Malware and SUPERAntiSpyware after the SDFix, they still show the same issues. The logs of those I posted on the earlier thread. After the machine was infected, I uninstalled several applications, and I don't go on the internet either. Opening IE brings up AdWare+Fun Products back.

Please let me know if you need additional logs etc.

Regards,
-CC
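
As an added example (not part of this thread and not SDFix's own code), here is a parser for the "Files with Hidden Attributes" block of the SDFix report above, with a triage heuristic of my own for which entries deserve a manual look; the attribute layout A?SHR and the %windir% path are assumptions drawn from the report.

```python
"""Parse the "Files with Hidden Attributes" block of an SDFix report.

Added example, not part of the thread and not SDFix's own code. Each line has
the form  <Dow> <day> <Mon> <year> <size> <attrs> --- "<path>"  where the
five-character attribute field reads A?SHR: Archive, an unknown flag, System,
Hidden, Read-only, with '.' meaning the flag is clear (assumed from the report).
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r'^(?P<dow>[A-Za-z]{3}) (?P<day>\d{1,2}) (?P<mon>[A-Za-z]{3}) (?P<year>\d{4}) '
    r'(?P<size>[\d,]+) (?P<attrs>[A-Z.]{5}) --- "(?P<path>[^"]+)"$'
)


@dataclass
class HiddenFile:
    date: str        # YYYY-Mon-DD, built from the date SDFix printed
    size: int        # bytes, thousands separators removed
    archive: bool
    system: bool
    hidden: bool
    readonly: bool
    path: str


def parse_line(line):
    """Return a HiddenFile for one report line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return HiddenFile(
        date=f"{m.group('year')}-{m.group('mon')}-{int(m.group('day')):02d}",
        size=int(m.group("size").replace(",", "")),
        archive=attrs[0] == "A",
        system=attrs[2] == "S",
        hidden=attrs[3] == "H",
        readonly=attrs[4] == "R",
        path=m.group("path"),
    )


def parse_report(text):
    """Collect records from the hidden-attributes block only."""
    records, in_block = [], False
    for line in text.splitlines():
        if line.startswith("Files with Hidden Attributes"):
            in_block = True
            continue
        if in_block and line.startswith("Finished"):
            break
        if in_block:
            rec = parse_line(line)
            if rec is not None:
                records.append(rec)
    return records


def review_candidates(records, windir=r"F:\WINDOWS"):
    """Triage heuristic (my assumption, not SDFix logic): System+Hidden files
    outside %windir%, and anything under RECYCLER, go on the manual-review list."""
    flagged = []
    for rec in records:
        low = rec.path.lower()
        outside_windir = not low.startswith(windir.lower() + "\\")
        if (rec.system and rec.hidden and outside_windir) or "\\recycler\\" in low:
            flagged.append(rec.path)
    return flagged


# Constructed sample: four lines copied from the report posted above.
SDFIX_SAMPLE = r"""Files with Hidden Attributes :

Fri 24 Nov 2006 8 ..SHR --- "F:\WINDOWS\system32\42D8433671.sys"
Sun 9 Jul 2006 4,348 ..SH. --- "F:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Oct 2008 949,072 A.SHR --- "F:\RECYCLER\S-1-5-21-1229272821-2000478354-839522115-1003\Df3\advcheck.dll"
Thu 11 Dec 2008 7,829,056 A..H. --- "F:\Program Files\Google\Picasa3\setup.exe"

Finished!
"""

if __name__ == "__main__":
    recs = parse_report(SDFIX_SAMPLE)
    for r in recs:
        print(r)
    print("review:", review_candidates(recs))
```

The review list is a starting point for a helper, not a verdict: a flagged path still has to be checked against what is known about the file.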

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 22 December 2008 - 11:11 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    F:\WINDOWS\tasks\At?.job
    F:\WINDOWS\tasks\At??.job
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


===================


I need to see an updated log from Malwarebytes.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform quick scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


========================================================

#5 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 23 December 2008 - 05:07 AM

Hi Sam,

Here is the log of OTMoveIt3:

========== FILES ==========
F:\WINDOWS\tasks\At1.job moved successfully.
F:\WINDOWS\tasks\At2.job moved successfully.
F:\WINDOWS\tasks\At3.job moved successfully.
F:\WINDOWS\tasks\At4.job moved successfully.
F:\WINDOWS\tasks\At5.job moved successfully.
F:\WINDOWS\tasks\At6.job moved successfully.
F:\WINDOWS\tasks\At7.job moved successfully.
F:\WINDOWS\tasks\At8.job moved successfully.
F:\WINDOWS\tasks\At9.job moved successfully.
F:\WINDOWS\tasks\At10.job moved successfully.
F:\WINDOWS\tasks\At11.job moved successfully.
F:\WINDOWS\tasks\At12.job moved successfully.
F:\WINDOWS\tasks\At13.job moved successfully.
F:\WINDOWS\tasks\At14.job moved successfully.
F:\WINDOWS\tasks\At15.job moved successfully.
F:\WINDOWS\tasks\At16.job moved successfully.
F:\WINDOWS\tasks\At17.job moved successfully.
F:\WINDOWS\tasks\At18.job moved successfully.
F:\WINDOWS\tasks\At19.job moved successfully.
F:\WINDOWS\tasks\At20.job moved successfully.
F:\WINDOWS\tasks\At21.job moved successfully.
F:\WINDOWS\tasks\At22.job moved successfully.
F:\WINDOWS\tasks\At23.job moved successfully.
F:\WINDOWS\tasks\At24.job moved successfully.
========== COMMANDS ==========
File delete failed. F:\DOCUME~1\CHANDR~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. F:\WINDOWS\temp\Perflib_Perfdata_640.dat scheduled to be deleted on reboot.
File delete failed. F:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_095229

Files moved on Reboot...
F:\DOCUME~1\CHANDR~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File F:\WINDOWS\temp\Perflib_Perfdata_640.dat not found!
File F:\WINDOWS\temp\WFV1.tmp not found!
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.



Every run of Malwarebytes' shows one infected object. It is never able to clean it:

Malwarebytes' Anti-Malware 1.31
Database version: 1535
Windows 5.1.2600 Service Pack 3

12/23/2008 2:03:32 AM
mbam-log-2008-12-23 (02-03-32).txt

Scan type: Quick Scan
Objects scanned: 57982
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
A lot of the time my anti-virus program catches and cleans various trojans. This morning it alerted about something in the System Restore folder.

Thanks,
-CC

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 23 December 2008 - 11:39 AM

Copy the text below into OTMoveit3 and click MoveIt just like before.

:reg
[-HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d}]



Not at all surprising that your system restore files are infected.
Flush your system restore; this will delete any restore points that you have, but it will also make sure that any malware hiding in system restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


===================



Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.


========================================================
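
The OTMoveIt3 scripts in posts #4 and #6 above use a small section syntax (:files, :reg, :Commands). As an added example that is not OTMoveIt3's own code nor part of the thread, this dry-run planner parses that syntax and reports what a script would touch against a constructed directory listing, so a script can be checked before anyone runs it; the listing and the meaning of "[-KEY]" as "delete key" are assumptions taken from the posts.

```python
"""Dry-run planner for an OTMoveIt3-style fix script.

Added example, not OTMoveIt3's own code. It parses the ':files', ':reg' and
':Commands' sections seen in the thread and reports what such a script would
move, delete or execute, without touching the file system or registry.
"""
import fnmatch


def parse_script(text):
    """Split the script into its sections; unknown sections are an error."""
    sections = {"files": [], "reg": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name = line[1:].lower()
            if name not in sections:
                raise ValueError(f"unknown section {line!r}")
            current = name
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def match_files(patterns, listing):
    """Entries of `listing` matched by any pattern (case-insensitive, ? and * wildcards)."""
    return [
        path for path in listing
        if any(fnmatch.fnmatchcase(path.lower(), p.lower()) for p in patterns)
    ]


def reg_actions(lines):
    """'[-KEY]' deletes a key, '[KEY]' creates it (assumed from the posts' usage)."""
    actions = []
    for line in lines:
        if not (line.startswith("[") and line.endswith("]")):
            raise ValueError(f"bad registry line: {line!r}")
        body = line[1:-1]
        if body.startswith("-"):
            actions.append(("delete_key", body[1:]))
        else:
            actions.append(("create_key", body))
    return actions


def plan(script_text, listing):
    """Return what the script would do, as plain data, without doing it."""
    s = parse_script(script_text)
    return {
        "move": match_files(s["files"], listing),
        "registry": reg_actions(s["reg"]),
        "commands": [c.strip("[]") for c in s["commands"]],
    }


# Constructed: the two fix scripts posted in the thread, joined into one.
FIX_SCRIPT = r""":files
F:\WINDOWS\tasks\At?.job
F:\WINDOWS\tasks\At??.job

:reg
[-HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d}]

:Commands
[EmptyTemp]
[Reboot]
"""

# Constructed listing: the 24 At*.job files from the OTMoveIt3 log, plus two
# extra entries (assumed, not from the thread) that the patterns must not match.
TASK_LISTING = [f"F:\\WINDOWS\\tasks\\At{i}.job" for i in range(1, 25)] + [
    r"F:\WINDOWS\tasks\At100.job",
    r"F:\WINDOWS\tasks\Backup.job",
]

if __name__ == "__main__":
    result = plan(FIX_SCRIPT, TASK_LISTING)
    print(f"{len(result['move'])} files would be moved")
    print("registry:", result["registry"])
    print("commands:", result["commands"])
```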

#7 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 23 December 2008 - 07:58 PM

Hi Sam,

Here is the gmer.log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-23 11:24:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF5754F20]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ F:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.14 ----
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Malwarebytes' doesn't show any objects after I moved it using OTMoveIt3.
However, when I did a full scan, my anti-virus caught some trojans. Before I posted the message, I moved all files from C:\ to C_DIR and formatted the C:\. Windows was installed on F:\

Log from the anti-virus:

12/11/2008 10:04:14 PM Statistics:
12/11/2008 10:04:14 PM Files scanned: 5673
12/11/2008 10:04:14 PM Files detected: 0
12/11/2008 10:04:14 PM Files cleaned: 0
12/11/2008 10:04:14 PM Files deleted: 0
12/11/2008 10:04:14 PM Files moved: 0
12/12/2008 9:03:17 PM Engine version = 5.3.00
12/12/2008 9:03:17 PM DAT version = 5461
12/12/2008 9:03:17 PM Number of virus signatures in EXTRA.DAT = None
12/12/2008 9:03:17 PM Names of viruses that EXTRA.DAT can detect = None
12/12/2008 10:27:58 PM Engine version = 5.3.00
12/12/2008 10:27:58 PM DAT version = 5462
12/12/2008 10:27:58 PM Number of virus signatures in EXTRA.DAT = None
12/12/2008 10:27:58 PM Names of viruses that EXTRA.DAT can detect = None
12/12/2008 11:41:31 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury focus magic 3.0 F:\Program Files\Mozilla Firefox\number.exe Generic Downloader.x (Trojan)
12/12/2008 11:41:37 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury serial.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temporary Internet Files\Content.IE5\5RPZZNNH\ouerbfgqd[1].htm Generic Packed (Trojan)
12/12/2008 11:41:50 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury winlogin.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temp\1072770000.exe Generic.dx (Trojan)
12/12/2008 11:41:53 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury serial.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temporary Internet Files\Content.IE5\AI9X4X8S\gqnbs[1].htm Generic Packed (Trojan)
12/12/2008 11:42:06 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury ftsuih.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temporary Internet Files\Content.IE5\5RPZZNNH\aasuper1[1].htm Generic Packed (Trojan)
12/12/2008 11:42:10 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury ftsuih.exe C:\uuyrv.exe Generic Packed (Trojan)
12/12/2008 11:42:26 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury ftsuih.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temporary Internet Files\Content.IE5\U3MSB1E0\aasuper3[1].htm Generic Packed (Trojan)
12/12/2008 11:42:32 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury ftsuih.exe C:\xohlv.exe Generic Packed (Trojan)
12/12/2008 11:42:33 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury explorer.exe F:\Documents and Settings\Chandransu Choudhury\Local Settings\Temp\1324332500.exe Generic.dx (Trojan)
12/12/2008 11:55:34 PM Engine version = 5.3.00
12/12/2008 11:55:34 PM DAT version = 5462
12/12/2008 11:55:34 PM Number of virus signatures in EXTRA.DAT = None
12/12/2008 11:55:34 PM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 12:15:47 AM Engine version = 5.3.00
12/13/2008 12:15:47 AM DAT version = 5462
12/13/2008 12:15:47 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 12:15:47 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 12:54:53 AM Engine version = 5.3.00
12/13/2008 12:54:53 AM DAT version = 5462
12/13/2008 12:54:53 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 12:54:53 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 1:31:00 AM Statistics:
12/13/2008 1:31:00 AM Files scanned: 7
12/13/2008 1:31:00 AM Files detected: 0
12/13/2008 1:31:00 AM Files cleaned: 0
12/13/2008 1:31:00 AM Files deleted: 0
12/13/2008 1:31:00 AM Files moved: 0
12/13/2008 1:35:00 AM Engine version = 5.3.00
12/13/2008 1:35:00 AM DAT version = 5462
12/13/2008 1:35:00 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 1:35:00 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 2:09:55 AM Statistics:
12/13/2008 2:09:55 AM Files scanned: 5
12/13/2008 2:09:55 AM Files detected: 0
12/13/2008 2:09:55 AM Files cleaned: 0
12/13/2008 2:09:55 AM Files deleted: 0
12/13/2008 2:09:55 AM Files moved: 0
12/13/2008 2:13:54 AM Engine version = 5.3.00
12/13/2008 2:13:54 AM DAT version = 5462
12/13/2008 2:13:54 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 2:13:54 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 3:07:48 AM Statistics:
12/13/2008 3:07:48 AM Files scanned: 4
12/13/2008 3:07:48 AM Files detected: 0
12/13/2008 3:07:48 AM Files cleaned: 0
12/13/2008 3:07:48 AM Files deleted: 0
12/13/2008 3:07:48 AM Files moved: 0
12/13/2008 3:12:46 AM Engine version = 5.3.00
12/13/2008 3:12:46 AM DAT version = 5462
12/13/2008 3:12:46 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 3:12:46 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 3:18:52 AM Engine version = 5.3.00
12/13/2008 3:18:52 AM DAT version = 5462
12/13/2008 3:18:52 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 3:18:52 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 4:02:35 AM Engine version = 5.3.00
12/13/2008 4:02:35 AM DAT version = 5462
12/13/2008 4:02:35 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 4:02:35 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 4:11:16 AM Engine version = 5.3.00
12/13/2008 4:11:16 AM DAT version = 5462
12/13/2008 4:11:16 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 4:11:16 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 4:23:58 AM Engine version = 5.3.00
12/13/2008 4:23:58 AM DAT version = 5462
12/13/2008 4:23:58 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 4:23:58 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 5:02:12 AM Statistics:
12/13/2008 5:02:12 AM Files scanned: 10
12/13/2008 5:02:12 AM Files detected: 0
12/13/2008 5:02:12 AM Files cleaned: 0
12/13/2008 5:02:12 AM Files deleted: 0
12/13/2008 5:02:12 AM Files moved: 0
12/13/2008 5:05:58 AM Engine version = 5.3.00
12/13/2008 5:05:58 AM DAT version = 5462
12/13/2008 5:05:58 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 5:05:58 AM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 11:08:15 AM Engine version = 5.3.00
12/13/2008 11:08:15 AM DAT version = 5462
12/13/2008 11:08:15 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 11:08:15 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 11:14:29 AM Statistics:
12/13/2008 11:14:29 AM Files scanned: 1
12/13/2008 11:14:29 AM Files detected: 0
12/13/2008 11:14:29 AM Files cleaned: 0
12/13/2008 11:14:29 AM Files deleted: 0
12/13/2008 11:14:29 AM Files moved: 0
12/13/2008 11:34:17 AM Engine version = 5.3.00
12/13/2008 11:34:17 AM DAT version = 5462
12/13/2008 11:34:17 AM Number of virus signatures in EXTRA.DAT = None
12/13/2008 11:34:17 AM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 1:14:49 PM Statistics:
12/13/2008 1:14:49 PM Files scanned: 16
12/13/2008 1:14:49 PM Files detected: 0
12/13/2008 1:14:49 PM Files cleaned: 0
12/13/2008 1:14:49 PM Files deleted: 0
12/13/2008 1:14:49 PM Files moved: 0
12/13/2008 1:25:35 PM Engine version = 5.3.00
12/13/2008 1:25:35 PM DAT version = 5462
12/13/2008 1:25:35 PM Number of virus signatures in EXTRA.DAT = None
12/13/2008 1:25:35 PM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 1:42:32 PM Statistics:
12/13/2008 1:42:32 PM Files scanned: 0
12/13/2008 1:42:32 PM Files detected: 0
12/13/2008 1:42:32 PM Files cleaned: 0
12/13/2008 1:42:32 PM Files deleted: 0
12/13/2008 1:42:32 PM Files moved: 0
12/13/2008 7:46:57 PM Engine version = 5.3.00
12/13/2008 7:46:57 PM DAT version = 5462
12/13/2008 7:46:57 PM Number of virus signatures in EXTRA.DAT = None
12/13/2008 7:46:57 PM Names of viruses that EXTRA.DAT can detect = None
12/13/2008 8:00:01 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury svchost.exe F:\WINDOWS\system32\yaI53AvI.exe Downloader-BKA (Trojan)
12/13/2008 9:09:01 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060832.exe Downloader-BKA (Trojan)
12/13/2008 9:20:22 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\WINDOWS\system32\TDSSirxy.dll FakeAlert-AG.gen.a (Trojan)
12/13/2008 9:20:33 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\WINDOWS\system32\TDSSktpa.dll Generic.dx (Trojan)
12/13/2008 9:20:34 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\WINDOWS\system32\TDSSyavu.dll FakeAlert-AG.gen.a (Trojan)

12/13/2008 9:35:14 PM Statistics:
12/13/2008 9:35:14 PM Files scanned: 118229
12/13/2008 9:35:14 PM Files detected: 7
12/13/2008 9:35:14 PM Files cleaned: 0
12/13/2008 9:35:14 PM Files deleted: 7
12/13/2008 9:35:14 PM Files moved: 0
12/13/2008 9:38:47 PM Engine version = 5.3.00
12/13/2008 9:38:47 PM DAT version = 5462
12/13/2008 9:38:47 PM Number of virus signatures in EXTRA.DAT = None
12/13/2008 9:38:47 PM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 9:48:06 PM Statistics:
12/13/2008 9:48:06 PM Files scanned: 4724
12/13/2008 9:48:06 PM Files detected: 0
12/13/2008 9:48:06 PM Files cleaned: 0
12/13/2008 9:48:06 PM Files deleted: 0
12/13/2008 9:48:06 PM Files moved: 0
12/13/2008 9:51:39 PM Engine version = 5.3.00
12/13/2008 9:51:39 PM DAT version = 5462
12/13/2008 9:51:39 PM Number of virus signatures in EXTRA.DAT = None
12/13/2008 9:51:39 PM Names of viruses that EXTRA.DAT can detect = None

12/13/2008 10:45:13 PM Statistics:
12/13/2008 10:45:13 PM Files scanned: 17553
12/13/2008 10:45:13 PM Files detected: 0
12/13/2008 10:45:13 PM Files cleaned: 0
12/13/2008 10:45:13 PM Files deleted: 0
12/13/2008 10:45:13 PM Files moved: 0
12/13/2008 10:48:50 PM Engine version = 5.3.00
12/13/2008 10:48:50 PM DAT version = 5462
12/13/2008 10:48:50 PM Number of virus signatures in EXTRA.DAT = None
12/13/2008 10:48:50 PM Names of viruses that EXTRA.DAT can detect = None

12/14/2008 12:20:42 AM Statistics:
12/14/2008 12:20:42 AM Files scanned: 25448
12/14/2008 12:20:42 AM Files detected: 0
12/14/2008 12:20:42 AM Files cleaned: 0
12/14/2008 12:20:42 AM Files deleted: 0
12/14/2008 12:20:42 AM Files moved: 0
12/17/2008 2:46:24 PM Engine version = 5.3.00
12/17/2008 2:46:24 PM DAT version = 5462
12/17/2008 2:46:24 PM Number of virus signatures in EXTRA.DAT = None
12/17/2008 2:46:24 PM Names of viruses that EXTRA.DAT can detect = None

12/17/2008 3:05:46 PM Statistics:
12/17/2008 3:05:46 PM Files scanned: 3174
12/17/2008 3:05:46 PM Files detected: 0
12/17/2008 3:05:46 PM Files cleaned: 0
12/17/2008 3:05:46 PM Files deleted: 0
12/17/2008 3:05:46 PM Files moved: 0
2008-12-17 15:09 Engine version = 5.3.00
2008-12-17 15:09 DAT version = 5462
2008-12-17 15:09 Number of virus signatures in EXTRA.DAT = None
2008-12-17 15:09 Names of viruses that EXTRA.DAT can detect = None
2008-12-17 17:31 Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060833.dll FakeAlert-AG.gen.a (Trojan)
2008-12-17 18:40 Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060834.dll Generic.dx (Trojan)
2008-12-17 19:39 Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060835.dll FakeAlert-AG.gen.a (Trojan)

2008-12-18 14:35 Statistics:
2008-12-18 14:35 Files scanned: 126737
2008-12-18 14:35 Files detected: 3
2008-12-18 14:35 Files cleaned: 0
2008-12-18 14:35 Files deleted: 3
2008-12-18 14:35 Files moved: 0
12/18/2008 5:13:13 PM Engine version = 5.3.00
12/18/2008 5:13:13 PM DAT version = 5462
12/18/2008 5:13:13 PM Number of virus signatures in EXTRA.DAT = None
12/18/2008 5:13:13 PM Names of viruses that EXTRA.DAT can detect = None

12/18/2008 11:44:08 PM Statistics:
12/18/2008 11:44:08 PM Files scanned: 98354
12/18/2008 11:44:08 PM Files detected: 0
12/18/2008 11:44:08 PM Files cleaned: 0
12/18/2008 11:44:08 PM Files deleted: 0
12/18/2008 11:44:08 PM Files moved: 0
12/18/2008 11:47:39 PM Engine version = 5.3.00
12/18/2008 11:47:39 PM DAT version = 5462
12/18/2008 11:47:39 PM Number of virus signatures in EXTRA.DAT = None
12/18/2008 11:47:39 PM Names of viruses that EXTRA.DAT can detect = None
12/19/2008 1:08:58 AM Engine version = 5.3.00
12/19/2008 1:08:58 AM DAT version = 5468
12/19/2008 1:08:58 AM Number of virus signatures in EXTRA.DAT = None
12/19/2008 1:08:58 AM Names of viruses that EXTRA.DAT can detect = None

12/19/2008 8:59:52 AM Statistics:
12/19/2008 8:59:52 AM Files scanned: 100659
12/19/2008 8:59:52 AM Files detected: 0
12/19/2008 8:59:52 AM Files cleaned: 0
12/19/2008 8:59:52 AM Files deleted: 0
12/19/2008 8:59:52 AM Files moved: 0
12/19/2008 9:01:22 AM Engine version = 5.3.00
12/19/2008 9:01:22 AM DAT version = 5468
12/19/2008 9:01:22 AM Number of virus signatures in EXTRA.DAT = None
12/19/2008 9:01:22 AM Names of viruses that EXTRA.DAT can detect = None

12/19/2008 10:24:04 PM Statistics:
12/19/2008 10:24:04 PM Files scanned: 33525
12/19/2008 10:24:04 PM Files detected: 0
12/19/2008 10:24:04 PM Files cleaned: 0
12/19/2008 10:24:04 PM Files deleted: 0
12/19/2008 10:24:04 PM Files moved: 0
12/19/2008 10:25:31 PM Engine version = 5.3.00
12/19/2008 10:25:31 PM DAT version = 5468
12/19/2008 10:25:31 PM Number of virus signatures in EXTRA.DAT = None
12/19/2008 10:25:31 PM Names of viruses that EXTRA.DAT can detect = None
12/19/2008 11:00:31 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060820.sys Generic BackDoor (Trojan)
12/19/2008 11:00:52 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP549\A0062130.dll Vundo (Trojan)

12/20/2008 1:37:35 AM Statistics:
12/20/2008 1:37:35 AM Files scanned: 76335
12/20/2008 1:37:35 AM Files detected: 2
12/20/2008 1:37:35 AM Files cleaned: 0
12/20/2008 1:37:35 AM Files deleted: 2
12/20/2008 1:37:35 AM Files moved: 0
12/20/2008 1:41:11 AM Engine version = 5.3.00
12/20/2008 1:41:11 AM DAT version = 5468
12/20/2008 1:41:11 AM Number of virus signatures in EXTRA.DAT = None
12/20/2008 1:41:11 AM Names of viruses that EXTRA.DAT can detect = None

12/20/2008 3:05:40 AM Statistics:
12/20/2008 3:05:40 AM Files scanned: 32845
12/20/2008 3:05:40 AM Files detected: 0
12/20/2008 3:05:40 AM Files cleaned: 0
12/20/2008 3:05:40 AM Files deleted: 0
12/20/2008 3:05:40 AM Files moved: 0
12/20/2008 3:09:47 AM Engine version = 5.3.00
12/20/2008 3:09:47 AM DAT version = 5468
12/20/2008 3:09:47 AM Number of virus signatures in EXTRA.DAT = None
12/20/2008 3:09:47 AM Names of viruses that EXTRA.DAT can detect = None

12/20/2008 10:40:58 AM Statistics:
12/20/2008 10:40:58 AM Files scanned: 16104
12/20/2008 10:40:58 AM Files detected: 0
12/20/2008 10:40:58 AM Files cleaned: 0
12/20/2008 10:40:58 AM Files deleted: 0
12/20/2008 10:40:58 AM Files moved: 0
12/20/2008 10:44:30 AM Engine version = 5.3.00
12/20/2008 10:44:30 AM DAT version = 5468
12/20/2008 10:44:30 AM Number of virus signatures in EXTRA.DAT = None
12/20/2008 10:44:30 AM Names of viruses that EXTRA.DAT can detect = None

12/20/2008 10:48:50 AM Statistics:
12/20/2008 10:48:50 AM Files scanned: 501
12/20/2008 10:48:50 AM Files detected: 0
12/20/2008 10:48:50 AM Files cleaned: 0
12/20/2008 10:48:50 AM Files deleted: 0
12/20/2008 10:48:50 AM Files moved: 0
12/21/2008 2:41:25 PM Engine version = 5.3.00
12/21/2008 2:41:25 PM DAT version = 5468
12/21/2008 2:41:25 PM Number of virus signatures in EXTRA.DAT = None
12/21/2008 2:41:25 PM Names of viruses that EXTRA.DAT can detect = None
12/21/2008 2:44:59 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury SDFix.exe F:\SDFix\catchme.exe Generic.dx (Trojan)
12/21/2008 2:44:59 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury SDFix.exe F:\SDFix\apps\Cghtme.exe Generic.dx (Trojan)

12/21/2008 2:47:02 PM Statistics:
12/21/2008 2:47:02 PM Files scanned: 1604
12/21/2008 2:47:02 PM Files detected: 2
12/21/2008 2:47:02 PM Files cleaned: 0
12/21/2008 2:47:02 PM Files deleted: 2
12/21/2008 2:47:02 PM Files moved: 0
12/21/2008 3:07:01 PM Engine version = 5.3.00
12/21/2008 3:07:01 PM DAT version = 5468
12/21/2008 3:07:01 PM Number of virus signatures in EXTRA.DAT = None
12/21/2008 3:07:01 PM Names of viruses that EXTRA.DAT can detect = None
12/21/2008 3:07:51 PM Cleaned F:\SDFix\apps\Cghtme.exe Generic.dx (Trojan)
12/21/2008 3:44:24 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\SDFix\catchme.exe Generic.dx (Trojan)

12/21/2008 6:14:24 PM Statistics:
12/21/2008 6:14:24 PM Files scanned: 79170
12/21/2008 6:14:24 PM Files detected: 2
12/21/2008 6:14:24 PM Files cleaned: 0
12/21/2008 6:14:24 PM Files deleted: 1
12/21/2008 6:14:24 PM Files moved: 0
12/22/2008 9:46:03 AM Engine version = 5.3.00
12/22/2008 9:46:03 AM DAT version = 5468
12/22/2008 9:46:03 AM Number of virus signatures in EXTRA.DAT = None
12/22/2008 9:46:03 AM Names of viruses that EXTRA.DAT can detect = None

12/22/2008 9:53:31 AM Statistics:
12/22/2008 9:53:31 AM Files scanned: 1006
12/22/2008 9:53:31 AM Files detected: 0
12/22/2008 9:53:31 AM Files cleaned: 0
12/22/2008 9:53:31 AM Files deleted: 0
12/22/2008 9:53:31 AM Files moved: 0
12/22/2008 9:57:06 AM Engine version = 5.3.00
12/22/2008 9:57:06 AM DAT version = 5468
12/22/2008 9:57:06 AM Number of virus signatures in EXTRA.DAT = None
12/22/2008 9:57:06 AM Names of viruses that EXTRA.DAT can detect = None
12/22/2008 10:42:58 AM Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP563\A0069425.exe Generic.dx (Trojan)
12/22/2008 11:30:25 AM Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP563\A0069434.exe Generic.dx (Trojan)

12/23/2008 1:44:31 AM Statistics:
12/23/2008 1:44:31 AM Files scanned: 12580
12/23/2008 1:44:31 AM Files detected: 2
12/23/2008 1:44:31 AM Files cleaned: 0
12/23/2008 1:44:31 AM Files deleted: 2
12/23/2008 1:44:31 AM Files moved: 0
12/23/2008 1:46:59 AM Engine version = 5.3.00
12/23/2008 1:46:59 AM DAT version = 5468
12/23/2008 1:46:59 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 1:46:59 AM Names of viruses that EXTRA.DAT can detect = None
12/23/2008 2:05:04 AM Engine version = 5.3.00
12/23/2008 2:05:04 AM DAT version = 5472
12/23/2008 2:05:04 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 2:05:04 AM Names of viruses that EXTRA.DAT can detect = None

12/23/2008 2:08:13 AM Statistics:
12/23/2008 2:08:13 AM Files scanned: 7127
12/23/2008 2:08:13 AM Files detected: 0
12/23/2008 2:08:13 AM Files cleaned: 0
12/23/2008 2:08:13 AM Files deleted: 0
12/23/2008 2:08:13 AM Files moved: 0
12/23/2008 2:11:58 AM Engine version = 5.3.00
12/23/2008 2:11:58 AM DAT version = 5472
12/23/2008 2:11:58 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 2:11:58 AM Names of viruses that EXTRA.DAT can detect = None

12/23/2008 2:14:43 AM Statistics:
12/23/2008 2:14:43 AM Files scanned: 553
12/23/2008 2:14:43 AM Files detected: 0
12/23/2008 2:14:43 AM Files cleaned: 0
12/23/2008 2:14:43 AM Files deleted: 0
12/23/2008 2:14:43 AM Files moved: 0
12/23/2008 10:52:43 AM Engine version = 5.3.00
12/23/2008 10:52:43 AM DAT version = 5472
12/23/2008 10:52:43 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 10:52:43 AM Names of viruses that EXTRA.DAT can detect = None

12/23/2008 10:59:10 AM Statistics:
12/23/2008 10:59:10 AM Files scanned: 742
12/23/2008 10:59:10 AM Files detected: 0
12/23/2008 10:59:10 AM Files cleaned: 0
12/23/2008 10:59:10 AM Files deleted: 0
12/23/2008 10:59:10 AM Files moved: 0
12/23/2008 11:03:21 AM Engine version = 5.3.00
12/23/2008 11:03:21 AM DAT version = 5472
12/23/2008 11:03:21 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 11:03:21 AM Names of viruses that EXTRA.DAT can detect = None

12/23/2008 11:09:50 AM Statistics:
12/23/2008 11:09:50 AM Files scanned: 870
12/23/2008 11:09:50 AM Files detected: 0
12/23/2008 11:09:50 AM Files cleaned: 0
12/23/2008 11:09:50 AM Files deleted: 0
12/23/2008 11:09:50 AM Files moved: 0
12/23/2008 11:12:09 AM Engine version = 5.3.00
12/23/2008 11:12:09 AM DAT version = 5472
12/23/2008 11:12:09 AM Number of virus signatures in EXTRA.DAT = None
12/23/2008 11:12:09 AM Names of viruses that EXTRA.DAT can detect = None
12/23/2008 1:24:51 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\C_DIR\exmucmf.exe Generic Dropper.bw (Trojan)
12/23/2008 1:53:39 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP1\A0000014.exe Generic Dropper.bw (Trojan)

I did disable and enable System Restore before the anti-virus prompted this...

Let me know what I need to do next.

Thanks,
-CC

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 24 December 2008 - 10:19 AM

Before I posted the message I moved all files from c:\ to C_DIR and formatted the C:\.

I'm not sure what this accomplished. You just moved any infected files to a different location.


Disable System Restore and keep it disabled.
Run a virus scan and remove whatever it finds.
Then re-enable System Restore.


How is your computer behaving?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
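
The VirusScan log pasted in the previous post mixes real detections with engine/DAT bookkeeping, statistics blocks and "Not scanned" entries, and the same detection names keep reappearing under F:\System Volume Information\_restore{...}\RPnnn\, which is System Restore's own copy of a file that was already deleted elsewhere. That is exactly what the advice above about disabling System Restore before scanning addresses. The following is an added example, written for this page and not code from McAfee, Malwarebytes or the thread's helpers: a small Python parser that pulls the detection lines out of that log format, buckets each hit by where it was found, and lists the restore points that still hold a detected file. It assumes only the line shape visible in the thread (timestamp, action, optional user and process, path, detection name, type in parentheses); the sample lines are excerpted from the log above, with one statistics line included to show it is ignored.

```python
import re
from collections import Counter
from datetime import datetime

# Regex for the McAfee VirusScan detection lines seen in the thread (assumed shape):
#   <timestamp> <Deleted|Cleaned|Moved> [<user> <process>] <path> <detection> (<type>)
# The user and process fields are unquoted and may contain spaces ("focus magic 3.0"),
# so they are kept together as one "context" field; the path is located by its
# drive-letter prefix, and the detection name is assumed to contain no backslash or
# parentheses. Known limitation: a filename containing a space would be mis-split.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M|\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<action>Deleted|Cleaned|Moved)"
    r"(?: (?P<context>.+?))? "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>[^\\()]+?)\s*\((?P<kind>[A-Za-z]+)\)$"
)

RESTORE_POINT = "\\system volume information\\_restore"


def parse_line(line):
    """Return a dict for a detection line, or None for bookkeeping lines
    (engine/DAT versions, statistics, 'Not scanned', scan summaries)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = m.group("ts")
    # The log switches between US-style and ISO-style timestamps mid-file.
    fmt = "%m/%d/%Y %I:%M:%S %p" if "/" in ts else "%Y-%m-%d %H:%M"
    return {
        "time": datetime.strptime(ts, fmt),
        "action": m.group("action"),
        "context": m.group("context") or "",
        "path": m.group("path"),
        "name": m.group("name"),
        "kind": m.group("kind"),
    }


def classify(path):
    """Bucket a detection path by what it tells the responder."""
    p = path.lower()
    if RESTORE_POINT in p:
        return "restore-point"      # System Restore's copy of an already-removed file
    if "\\qoobox\\quarantine" in p or "\\sdfix\\" in p:
        return "tool-quarantine"    # cleanup tools' own files, often flagged by other AV
    if "\\temporary internet files\\" in p or "\\local settings\\temp\\" in p:
        return "browser-temp"       # drive-by download staging area
    if "\\windows\\system32\\" in p:
        return "system32"           # live payload dropped next to OS binaries
    return "other"


def restore_points(records):
    """Restore-point IDs (RPnnn) that still hold a detected file."""
    ids = set()
    for r in records:
        m = re.search(r"\\RP(\d+)\\", r["path"], re.IGNORECASE)
        if m:
            ids.add(int(m.group(1)))
    return sorted(ids)


def summarize(lines):
    """Parse all lines and return the detections plus a few derived views."""
    records = [r for r in map(parse_line, lines) if r]
    return {
        "records": records,
        "by_location": Counter(classify(r["path"]) for r in records),
        "by_name": Counter(r["name"] for r in records),
        # TDSS*.dll / TDSS*.sys in system32 is the naming seen for the rootkit
        # components in this thread; worth calling out separately.
        "tdss_files": [r["path"] for r in records
                       if re.search(r"\\tdss[^\\]*\.(dll|sys)$", r["path"], re.IGNORECASE)],
        "restore_points": restore_points(records),
    }


# Sample lines excerpted from the log in the thread (one statistics line included
# to show that non-detection lines are skipped).
SAMPLE_LOG = r"""
12/12/2008 11:41:31 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury focus magic 3.0 F:\Program Files\Mozilla Firefox\number.exe Generic Downloader.x (Trojan)
12/13/2008 8:00:01 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury svchost.exe F:\WINDOWS\system32\yaI53AvI.exe Downloader-BKA (Trojan)
12/13/2008 9:20:22 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\WINDOWS\system32\TDSSirxy.dll FakeAlert-AG.gen.a (Trojan)
12/13/2008 9:35:14 PM Files detected: 7
2008-12-17 17:31 Deleted NT AUTHORITY\SYSTEM svchost.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060833.dll FakeAlert-AG.gen.a (Trojan)
12/19/2008 11:00:31 PM Deleted CHANDRANSU-NEW\Chandransu Choudhury mbam.exe F:\System Volume Information\_restore{E569EC0B-DED7-4A13-A5A8-D5E9D46839EC}\RP546\A0060820.sys Generic BackDoor (Trojan)
12/21/2008 3:07:51 PM Cleaned F:\SDFix\apps\Cghtme.exe Generic.dx (Trojan)
12/24/2008 12:11:38 PM Deleted f:\Qoobox\Quarantine\F\WINDOWS\system32\urqQklKd.dll.vir Vundo(Trojan)
""".strip().splitlines()


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for r in s["records"]:
        print(f'{r["time"]:%Y-%m-%d %H:%M}  {r["action"]:7}  {classify(r["path"]):15}  {r["name"]}  {r["path"]}')
    print("by location:", dict(s["by_location"]))
    print("restore points holding detections:", s["restore_points"])
    print("TDSS-named system32 files:", s["tdss_files"])
```

Run against the full log, the "restore-point" bucket is the list of RP folders that will re-deliver the same files if a restore is ever done, and the "tool-quarantine" bucket is where the SDFix and Qoobox hits land, which is the kind of entry Buckeye_Sam describes as a cleanup tool being flagged rather than a live infection. Anything left in "system32" or "other" is what still needs a look.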


========================================================

#9 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 25 December 2008 - 04:23 PM

Hi Sam,

Both the C: and F: drives had my pictures, images, etc. I copied them to an external hard drive and was cleaning C: so that I could keep all my personal content on C:. I was in the process of re-installing Windows on my machine.

Anyways: Here is the log from the anti-virus. I haven't started my system restore yet:

12/24/2008 10:16:07 AM Engine version =5300
12/24/2008 10:16:07 AM DAT version =5473
12/24/2008 10:16:07 AM Number of virus signatures in EXTRA.DAT =None
12/24/2008 10:16:07 AM Names of viruses that EXTRA.DAT can detect =None
12/24/2008 10:16:03 AM Scan Started CHANDRANSU-NEW\Chandransu Choudhury NewRun
12/24/2008 10:28:46 AM Not scanned (The file is encrypted) f:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchPixieBar.zip\sbRecovery.reg
12/24/2008 10:32:30 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-13-2008 - 13-14-09.SBU\{05283913-8FB1-47D9-B073-F1DC14742BD6}
12/24/2008 10:32:31 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-13-2008 - 13-41-39.SBU\{8F545962-EB34-4F0B-B85C-55CB204C128C}
12/24/2008 10:32:31 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-13-2008 - 22-44-25.SBU\{95AD8F61-0EBB-4600-9DC2-C5EFC0FD175E}
12/24/2008 10:32:31 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-13-2008 - 23-57-15.SBU\backup.db
12/24/2008 10:32:31 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-18-2008 - 00-31-34.SBU\backup.db
12/24/2008 10:32:32 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-18-2008 - 23-43-35.SBU\backup.db
12/24/2008 10:32:32 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-19-2008 - 08-58-55.SBU\backup.db
12/24/2008 10:32:32 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-19-2008 - 22-23-00.SBU\backup.db
12/24/2008 10:32:32 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-20-2008 - 10-40-23.SBU\{767690B8-B282-4D20-854C-CB9FB9D54885}
12/24/2008 10:32:33 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-21-2008 - 18-13-34.SBU\backup.db
12/24/2008 10:32:33 AM Not scanned (The file is encrypted) f:\Documents and Settings\Chandransu Choudhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-23-2008 - 11-55-58.SBU\{B30D47B0-2AC6-4296-B043-2E48183023F8}
12/24/2008 11:43:07 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080218100027.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080220024841.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080224220343.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080309023332.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080329181335.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080412041907.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080607233058.zip\0
12/24/2008 11:43:08 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080612053232.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080618042222.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080628191053.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080909070258.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080909071717.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080914041312.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20080922051830.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081116073408.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081128053327.zip\0
12/24/2008 11:43:09 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081213073641.zip\0
12/24/2008 11:43:10 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081213110402.zip\0
12/24/2008 11:43:10 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081213112538.zip\0
12/24/2008 11:43:10 AM Not scanned (The file is encrypted) f:\Program Files\CA Yahoo! Anti-Spy\Quarantine\20081213123136.zip\0
12/24/2008 12:11:38 PM Deleted f:\Qoobox\Quarantine\F\WINDOWS\system32\urqQklKd.dll.vir Vundo(Trojan)
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Scan Summary
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Processes scanned : 53
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Processes detected : 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Processes cleaned : 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Boot sectors scanned : 3
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Boot sectors detected: 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Boot sectors cleaned : 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files scanned : 70813
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files with detections: 1
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury File detections : 1
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files cleaned : 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files moved : 0
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files deleted : 1
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Files not scanned : 35
12/24/2008 1:36:03 PM Scan Summary CHANDRANSU-NEW\Chandransu Choudhury Run time : 3:20:00
12/24/2008 1:36:03 PM Scan Complete CHANDRANSU-NEW\Chandransu Choudhury NewRun

My machine is OK. However, I am not sure if all the worms, trojans, etc. are completely gone.

Malwarebytes and SUPERAntiSpyware don't identify any infected files, registry items, etc.

Thanks,
-CC

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 25 December 2008 - 07:15 PM

That scan comes up clean. If your other scans are coming up clean also that's a good indicator.
I would just use the computer as you normally would for a couple and see how it behaves. Let me know how things seem to be working for you and we'll pick it up from there.


========================================================

#11 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 28 December 2008 - 07:00 PM

Hi Sam,

Thanks Much!

Let me start using it and then see. Hey, BTW, the StopZilla scan shows SDFix and RSIT as Trojans. It also identified another Trojan in the Registry called Conhook.AG under hkey\software\microsoft\windows\currentversion\explorer\browsersettings

Is there a way to clean this? Neither MalwareByte's nor Superantispyware could detect this.

Please let me know

Regards,
-CC

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 29 December 2008 - 09:36 AM

I've never been a big fan of Stopzilla, too many false positives. SDFix and RSIT can just be deleted now that we're done with them. They're not infected. As far as the registry entry that it detected, it can't remove it?


========================================================

#13 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 30 December 2008 - 05:51 AM

Thanks!!!

I haven't purchased StopZilla. Not sure how I can delete the registry entry. None of the other anti-virus or anti-spyware tools are able to identify it.

Anyways, let me do some more research.

Regards,
-CC

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:09 PM

Posted 30 December 2008 - 10:48 AM

I don't think it's anything that you need to be real concerned about, but if you post here exactly what Stopzilla is finding we can remove it manually.


========================================================

#15 nasatopgun

nasatopgun
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 31 December 2008 - 01:24 AM

Hi Sam,

Attached is the image of StopZilla scan results.
I was not able to find the log file or the registry id from the scan.

Let me know if this can be removed using OTMoveIt3.

Regards
-CC

Attached Files





