
Google searches redirected


  • This topic is locked
9 replies to this topic

#1 shadhawke

shadhawke

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 12 February 2009 - 12:58 AM

When I click on the results of a google search, the site I am directed to is not the correct page. It is usually some other random obscure search engine or website. Once, it was the Chinese Sex Museum website!! I have run AVG, avast!, Malwarebytes Anti-Malware, Spybot and Super Anti Spyware. They all come up clean. I'm fairly useful with computers, but I'm at a loss. I tried Hijack This, but I decided to stop and ask for help before I damage something beyond repair. I've already reinstalled my OS once. I really don't want to do it again. Thanks for any help I can get.


#2 shadhawke

shadhawke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 15 February 2009 - 01:20 AM

Here is the DDS.txt file.

Attached Files

  • Attached File  DDS.txt   20.66KB   7 downloads


#3 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:38 AM

Posted 20 February 2009 - 12:06 PM

Hello shadhawke :thumbup2: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:



Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not post this as an attachment but rather put it in the window. I will be reposting one of your logs in another post after this one. The reason for this is it makes it easier for us to study them.


I also need to know if one of the sites you are being redirected to is goored.com. You can also advise me if you remember the names of any other sites you are being sent to.


Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:38 AM

Posted 20 February 2009 - 12:08 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Tim at 21:47:13.87 on Wed 02/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.834 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 090211-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Tim\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mStart Page = hxxp://www.yahoo.com
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F02FABCB-92DD-475A-98AF-14217BD50746} - No File
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SansaDispatch] c:\documents and settings\tim\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LTWinModem1] ltmsg.exe 9
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195984140281
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196013506500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\7bsjwg0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-29 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-29 353680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-29 138680]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-29 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 cnkzjhtw;cnkzjhtw;c:\windows\system32\drivers\mbefayfj.sys --> c:\windows\system32\drivers\mbefayfj.sys [?]
S0 iomgndhc;iomgndhc;c:\windows\system32\drivers\amhfhjik.sys --> c:\windows\system32\drivers\amhfhjik.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-29 254040]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 UMNDEOA;UMNDEOA;c:\docume~1\tim\locals~1\temp\umndeoa.exe --> c:\docume~1\tim\locals~1\temp\UMNDEOA.exe [?]

=============== Created Last 30 ================

2009-02-11 21:38 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-02-11 19:47 16,516 a------- c:\windows\system32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000002-80221102}.rfx
2009-02-11 19:47 16,516 a------- c:\windows\system32\BMXState-{00000002-00000000-00000008-00001102-00000002-80221102}.rfx
2009-02-11 19:47 24 a------- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000002-80221102}.dat
2009-02-11 19:47 24 a------- c:\windows\system32\DVCState-{00000002-00000000-00000008-00001102-00000002-80221102}.dat
2009-02-11 19:12 3,373,917 a------- c:\windows\{00000002-00000000-00000008-00001102-00000002-80221102}.BAK
2009-02-11 19:12 3,373,917 a------- c:\windows\{00000002-00000000-00000008-00001102-00000002-80221102}.CDF
2009-02-11 19:11 25,200 a------- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000002-80221102}.rfx
2009-02-11 19:11 25,200 a------- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000002-80221102}.rfx
2009-02-11 19:10 90,112 -------- c:\windows\Updreg.EXE
2009-02-11 19:10 84,992 -------- c:\windows\system32\SFCVRT32.DLL
2009-02-11 19:10 53,552 -------- c:\windows\CTCCW.DLL
2009-02-11 19:10 24,976 -------- c:\windows\CTRES.DLL
2009-02-11 19:10 231 -------- c:\windows\AC3API.INI
2009-02-11 19:10 1,048,576 -------- c:\windows\system32\SFMAN.DAT
2009-02-11 19:10 82,432 -------- c:\windows\system32\CTWFLT32.DLL
2009-02-11 19:10 26,768 -------- c:\windows\system32\CTL3D.DLL
2009-02-11 16:30 715 a------- c:\windows\aolback.exe.lnk
2009-02-11 16:30 <DIR> --d----- c:\program files\common files\aolback
2009-02-11 16:29 <DIR> --d----- c:\program files\Viewpoint
2009-02-11 16:29 1,499,136 a------- c:\windows\system32\shdocvw.bak
2009-02-11 16:29 <DIR> --d----- C:\My Music
2009-02-11 16:28 <DIR> --d----- c:\program files\common files\Real
2009-02-08 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-08 21:47 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-08 21:47 <DIR> --d----- c:\docume~1\tim\applic~1\SUPERAntiSpyware.com
2009-02-04 20:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 20:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 20:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 16:10 188,960 a------- c:\windows\system32\WINGDE.DLL
2009-02-03 16:10 92,208 a------- c:\windows\system32\WING.DLL
2009-02-03 16:10 12,800 a------- c:\windows\system32\WING32.DLL
2009-02-03 16:10 6,736 a------- c:\windows\system32\WINGDIB.DRV
2009-02-03 16:10 5,024 a------- c:\windows\system32\WINGPAL.WND
2009-02-03 16:10 200,192 a------- c:\windows\RRM46.pls
2009-02-03 16:08 <DIR> --d----- c:\program files\Connection Wizard
2009-02-02 16:56 <DIR> --d----- c:\documents and settings\tim\My Documentsffg
2009-01-29 21:51 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-29 21:02 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-01-29 21:02 1,080 a------- c:\windows\system32\settings.sfm
2009-01-29 21:00 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-29 21:00 <DIR> --d----- c:\program files\Zone Labs
2009-01-29 21:00 348,371 a------- c:\windows\system32\vsconfig.xml
2009-01-29 20:51 149,504 -------- c:\windows\system32\MFCANS32.DLL
2009-01-29 20:51 108,032 -------- c:\windows\system32\MFCUIA32.DLL
2009-01-29 20:51 <DIR> --d----- c:\windows\system32\Defaults
2009-01-29 20:50 <DIR> --d----- c:\windows\system32\Data
2009-01-29 19:18 <DIR> --d----- c:\docume~1\tim\applic~1\DAEMON Tools Pro
2009-01-29 19:17 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-29 19:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-01-29 18:39 <DIR> --d----- c:\docume~1\tim\applic~1\DAEMON Tools Lite
2009-01-28 20:27 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-28 20:27 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-28 20:27 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-28 20:27 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-28 20:27 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-28 20:19 <DIR> --d----- c:\program files\Microsoft
2009-01-28 20:09 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-28 20:08 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-28 20:07 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-28 20:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-28 20:07 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-28 20:07 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-28 20:07 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-28 20:07 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-28 20:07 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-28 20:07 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-28 20:06 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-28 20:04 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-28 19:26 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-28 19:26 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-28 19:26 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-28 19:26 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-28 19:26 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-28 19:26 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-28 19:26 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-28 19:26 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-28 19:26 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-28 18:51 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-01-28 18:51 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-01-28 18:51 380,416 -------- c:\windows\system32\irprops.cpl
2009-01-28 18:49 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-01-28 18:37 19,569 a------- c:\windows\003586_.tmp
2009-01-28 18:22 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-01-28 18:22 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-01-28 18:22 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-01-28 18:20 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
2009-01-28 18:19 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
2009-01-28 18:18 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-01-28 18:17 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
2009-01-28 18:16 27,164 ac------ c:\windows\system32\dllcache\ce3n5.sys
2009-01-27 21:00 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-01-27 20:59 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-01-27 20:56 65,536 a------- c:\windows\system32\icwphbk.dll
2009-01-27 20:56 73,728 a------- c:\windows\system32\icwdial.dll
2009-01-27 20:56 81,920 a------- c:\windows\system32\isign32.dll
2009-01-27 20:56 274,432 a------- c:\windows\system32\inetcfg.dll
2009-01-27 20:56 40,960 ac------ c:\windows\system32\dllcache\trialoc.dll
2009-01-27 20:56 61,440 ac------ c:\windows\system32\dllcache\icwres.dll
2009-01-27 20:56 73,728 ac------ c:\windows\system32\dllcache\icwtutor.exe
2009-01-27 20:56 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-01-27 20:50 56,320 a------- c:\windows\system32\servdeps.dll
2009-01-27 20:49 141,312 a------- c:\windows\system32\sessmgr.exe
2009-01-27 20:49 147,968 a------- c:\windows\system32\rdchost.dll
2009-01-27 20:49 40,960 ac------ c:\windows\system32\dllcache\tscupgrd.exe
2009-01-27 20:49 40,960 a------- c:\windows\system32\tscupgrd.exe
2009-01-27 20:49 295,424 a------- c:\windows\system32\termsrv.dll
2009-01-27 20:49 87,176 a------- c:\windows\system32\rdpwsx.dll
2009-01-27 20:49 19,968 a------- c:\windows\system32\rdpsnd.dll
2009-01-27 20:49 62,976 a------- c:\windows\system32\rdpclip.exe
2009-01-27 20:49 11,264 a------- c:\windows\system32\icaapi.dll
2009-01-27 20:49 38,912 a------- c:\windows\system32\cfgbkend.dll
2009-01-27 20:49 427,008 a------- c:\windows\system32\msdtcprx.dll
2009-01-27 20:49 625,664 a------- c:\windows\system32\catsrvut.dll
2009-01-27 20:49 1,267,200 a------- c:\windows\system32\comsvcs.dll
2009-01-27 20:47 58,880 a------- c:\windows\system32\licwmi.dll
2009-01-27 20:42 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-01-27 20:42 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-01-27 20:41 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-01-27 20:40 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-01-27 20:38 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-01-27 20:38 <DIR> --d----- c:\windows\NV9801524.TMP
2009-01-27 20:37 607,360 a------- c:\windows\system32\drivers\ltmdmnt.sys
2009-01-27 20:32 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-01-27 20:32 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-01-27 12:22 0 a------- c:\windows\MEMORY.DMP
2009-01-26 21:00 <DIR> --d----- c:\program files\Support Tools
2009-01-26 20:34 2,816 a------- c:\windows\gkokajzv
2009-01-26 17:20 <DIR> --d----- c:\program files\Nick Jr. Arcade
2009-01-24 10:15 2,816 a------- c:\windows\malware.bad
2009-01-24 09:59 <DIR> a-dshr-- C:\cmdcons
2009-01-23 15:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\gamelab
2009-01-23 15:56 <DIR> --d----- c:\program files\LEGO Fever
2009-01-22 16:53 <DIR> --d----- c:\program files\LEGO Software
2009-01-22 07:06 <DIR> --d----- c:\windows\system32\Adobe
2009-01-19 20:55 14,608 a------- c:\windows\system32\iviaspi.sys
2009-01-18 17:41 <DIR> --d----- c:\program files\Microsoft Money 2007
2009-01-18 13:25 <DIR> --d----- c:\docume~1\tim\applic~1\Family Lawyer
2009-01-18 13:23 <DIR> --d----- c:\program files\MySoftware
2009-01-15 17:21 <DIR> --d----- c:\program files\LEGO Company

==================== Find3M ====================

2009-02-10 20:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-29 21:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-01-29 18:39 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-26 21:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-02 21:28 726,008 a------- c:\documents and settings\tim\gotomypc_437.exe
2008-12-22 15:15 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-06 21:25 4,096 a------- c:\windows\d3dx.dat
2008-11-14 14:45 248,344 a------- c:\windows\system32\Prounstl.exe

============= FINISH: 21:47:59.57 ===============
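The DDS log above is what the helper works from, and the SERVICES / DRIVERS section carries the markers a responder looks at first: entries whose file DDS could not read (the trailing `[?]` instead of a date and size stamp), boot-start drivers whose service name bears no relation to the file name (S0 cnkzjhtw loading mbefayfj.sys), a driver on a removable drive (PciCon on E:), and a service whose binary lives in the user's temp folder (UMNDEOA). The following Python script is an added example, not a tool from this thread or from the DDS author: it parses lines in that section's shape, records each of those markers, and only promotes an entry to "review first" when two or more apply, because a lone `[?]` is not conclusive (the ZoneAlarm vsmon line gets one merely because its image path carries a `-service` argument). The sample lines are constructed to match the log quoted above, the interpretation of `[?]` as "file not found/unreadable" is my reading of the DDS output, and the assumption that C: is the system drive is a parameter you can change.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (added example, not DDS's own code)."""
import re
from typing import Dict, List, Optional

# Constructed sample lines in the shape of the DDS SERVICES / DRIVERS section quoted in this thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-29 114768]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 cnkzjhtw;cnkzjhtw;c:\windows\system32\drivers\mbefayfj.sys --> c:\windows\system32\drivers\mbefayfj.sys [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 UMNDEOA;UMNDEOA;c:\docume~1\tim\locals~1\temp\umndeoa.exe --> c:\docume~1\tim\locals~1\temp\UMNDEOA.exe [?]
"""

# Line shape: "<start type> <service name>;<display name>;<binary> [<stamp>]"
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\s\[(?P<stamp>[^\]]*)\]\s*$")
BINARY_RE = re.compile(r"^(?P<path>.*?\.(?:sys|exe|dll))(?P<args>.*)$", re.IGNORECASE)


def parse_entry(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one DDS service/driver line into its fields; None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    stamp = None
    sm = STAMP_RE.search(rest)
    if sm:
        # "<date> <size>" when DDS could read the file; "?" when it could not (my reading of the output)
        stamp = sm.group("stamp")
        rest = rest[: sm.start()]
    if " --> " in rest:
        # DDS prints "<registry image path> --> <resolved path>"; keep the resolved path
        rest = rest.split(" --> ", 1)[1]
    bm = BINARY_RE.match(rest.strip())
    path = bm.group("path") if bm else rest.strip()  # drops command-line args such as "-service"
    return {"start": m.group("start"), "name": m.group("name"),
            "display": m.group("display"), "path": path, "stamp": stamp}


def assess(entry: Dict[str, Optional[str]], system_drive: str = "c") -> List[str]:
    """Return the observable markers that make this entry worth a closer look.

    system_drive="c" is an assumption; pass the real system drive letter if it differs.
    """
    reasons: List[str] = []
    if entry["stamp"] == "?":
        reasons.append("DDS could not read the file on disk (no date/size stamp)")
    low = (entry["path"] or "").lower()
    if "\\temp\\" in low:
        reasons.append("binary runs from a temp directory")
    if len(low) > 1 and low[1] == ":" and low[0] != system_drive:
        reasons.append(f"binary on non-system drive {low[0]}:")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if stem and stem != (entry["name"] or "").lower():
        reasons.append(f"service name {entry['name']!r} does not match file name {stem!r}")
    return reasons


def triage(log: str, system_drive: str = "c") -> Dict[str, List[str]]:
    """Map each service/driver name to its markers, omitting entries that have none."""
    findings: Dict[str, List[str]] = {}
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry, system_drive)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


def suspicious(log: str, threshold: int = 2, system_drive: str = "c") -> List[str]:
    """Names with at least `threshold` markers. A lone "[?]" is not enough on its own:
    a legitimate service registered with command-line arguments (vsmon here) gets one too."""
    return sorted(name for name, reasons in triage(log, system_drive).items()
                  if len(reasons) >= threshold)


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("Review first:", suspicious(SAMPLE_LOG))
```

On the sample, `suspicious()` returns PciCon, UMNDEOA and cnkzjhtw, while vsmon stays at a single marker and the avast! driver produces none. The markers are deliberately limited to what the log line itself shows; the script does not judge file contents, so a flagged entry is a pointer for the helper's next step, not a verdict.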

#5 shadhawke

shadhawke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 21 February 2009 - 10:59 AM

Here is the Kaspersky Log. It came back clean, mostly. I'm pretty sure Mirc isn't a virus. It's just an IRC chat program.
Some of the websites are www.searchclickbut.com, www.portfolio.com, www.blackberry.com, www.search.lycos.com and www.chinesesexmuseum.com. It doesn't happen on every search result. It happens on about every third result that I click on. I appreciate any help you can give me. Thanks. :thumbup2:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, February 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 21, 2009 02:05:08
Records in database: 1823859
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 152878
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:51:39


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:38 AM

Posted 22 February 2009 - 09:59 AM

OK, we can get started now. Let's do the following:



We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Please download GooredFix and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

We need to enable Spybot S&D's "TeaTimer"
Now that we're done with the fix, we should reenable TeaTimer.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click on Posted Image
  • Click on Posted Image
  • Check this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


When completed please provide the following:
  • Gooredfix text
  • Both RSIT logs


#7 shadhawke

shadhawke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 22 February 2009 - 05:28 PM

Here is the Goored fix log. It ran really fast.

GooredFix v1.91 by jpshortstuff
Log created at 14:00 on 22/02/2009 running Option #2 (Tim)
Firefox version 3.0.6 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{504E810A-511A-4570-AF9E-53BAD34F90BE}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"


Here are the RSIT logs.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Tim at 2009-02-22 14:01:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 119 GB (76%) free of 156 GB
Total RAM: 1535 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:54 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Tim\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Money 2007\MNYCoreFiles\mnybbsvc.exe
C:\Documents and Settings\Tim\Desktop\RSIT.exe
C:\Program Files\trend micro\Tim.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Tim\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-57989841-1177238915-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Laura')
O4 - HKUS\S-1-5-21-57989841-1177238915-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Laura')
O4 - HKUS\S-1-5-21-57989841-1177238915-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Laura')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195984140281
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196013506500
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9372 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
C:\WINDOWS\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"LTWinModem1"=ltmsg.exe 9 []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"EPSON Stylus Photo R340 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE [2005-04-26 98304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AudioHQ"=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE [2000-05-11 205312]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-10 148888]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe [2005-02-25 212992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"SansaDispatch"=C:\Documents and Settings\Tim\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [2009-01-02 79872]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-15 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108751
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-02-22 14:02:04 ----D---- C:\Program Files\trend micro
2009-02-22 14:01:58 ----D---- C:\rsit
2009-02-15 14:25:50 ----D---- C:\Documents and Settings\Tim\Application Data\Intuit
2009-02-15 14:23:55 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2009-02-15 14:18:35 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2009-02-15 14:18:34 ----D---- C:\Program Files\Common Files\Intuit
2009-02-15 14:18:10 ----D---- C:\Program Files\TurboTax
2009-02-11 19:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 19:12:02 ----A---- C:\WINDOWS\{00000002-00000000-00000008-00001102-00000002-80221102}.BAK
2009-02-11 19:10:29 ----N---- C:\WINDOWS\Updreg.EXE
2009-02-11 19:10:28 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2009-02-11 19:10:28 ----N---- C:\WINDOWS\CTRES.DLL
2009-02-11 19:10:28 ----N---- C:\WINDOWS\CTCCW.DLL
2009-02-11 19:10:28 ----N---- C:\WINDOWS\AC3API.INI
2009-02-11 19:10:27 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-02-11 19:10:27 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2009-02-11 19:09:54 ----A---- C:\WINDOWS\system32\Emu10kx.ini
2009-02-11 19:09:54 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-02-11 19:09:54 ----A---- C:\WINDOWS\INRES.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\SFMS32.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\REGPLIB.EXE
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\OPENAL32.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\KILL.INI
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\EAXAC3.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\system32\CTSBLFX.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\READREG.EXE
2009-02-11 19:09:52 ----A---- C:\WINDOWS\PSCONV.EXE
2009-02-11 19:09:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-02-11 19:09:52 ----A---- C:\WINDOWS\DEVREG.DLL
2009-02-11 19:09:52 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTHELPER.EXE
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTDEVCON.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTASIO.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\CTAGENT.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\COMMONFX.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\AC3API.DLL
2009-02-11 19:09:51 ----A---- C:\WINDOWS\system32\a3d.dll
2009-02-11 16:30:17 ----A---- C:\WINDOWS\aolback.exe.lnk
2009-02-11 16:30:09 ----D---- C:\Program Files\Common Files\aolback
2009-02-11 16:29:47 ----D---- C:\Program Files\Viewpoint
2009-02-11 16:29:43 ----A---- C:\WINDOWS\system32\shdocvw.bak
2009-02-11 16:29:24 ----D---- C:\My Music
2009-02-11 16:28:55 ----D---- C:\Program Files\Common Files\Real
2009-02-10 20:03:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-10 20:03:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-10 20:03:09 ----A---- C:\WINDOWS\system32\java.exe
2009-02-08 21:48:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-08 21:47:51 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-08 21:47:51 ----D---- C:\Documents and Settings\Tim\Application Data\SUPERAntiSpyware.com
2009-02-08 20:54:54 ----A---- C:\WINDOWS\SpaceForce - Rogue Universe Setup Log.txt
2009-02-07 09:48:35 ----SHD---- C:\RECYCLER
2009-02-07 08:59:16 ----A---- C:\ComboFix.txt
2009-02-07 08:50:53 ----D---- C:\WINDOWS\temp
2009-02-04 20:27:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-03 16:10:32 ----A---- C:\WINDOWS\system32\WINGDE.DLL
2009-02-03 16:10:32 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-02-03 16:10:32 ----A---- C:\WINDOWS\system32\WING.DLL
2009-02-03 16:08:56 ----D---- C:\Program Files\Connection Wizard
2009-01-29 21:51:30 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-01-29 21:51:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-01-29 21:51:28 ----D---- C:\Program Files\Alwil Software
2009-01-29 21:00:49 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-01-29 21:00:48 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-01-29 21:00:48 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-01-29 21:00:43 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-01-29 21:00:42 ----D---- C:\Program Files\Zone Labs
2009-01-29 21:00:42 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-01-29 21:00:42 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-01-29 21:00:42 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-01-29 21:00:42 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-01-29 20:59:49 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-01-29 20:59:49 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-01-29 20:59:49 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-01-29 20:51:13 ----N---- C:\WINDOWS\system32\MFCUIA32.DLL
2009-01-29 20:51:13 ----N---- C:\WINDOWS\system32\MFCANS32.DLL
2009-01-29 20:51:12 ----D---- C:\WINDOWS\system32\Defaults
2009-01-29 20:50:36 ----D---- C:\WINDOWS\system32\Data
2009-01-29 19:29:49 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-29 19:18:53 ----D---- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Pro
2009-01-29 19:18:53 ----D---- C:\Documents and Settings\Tim\Application Data\DAEMON Tools
2009-01-29 19:17:58 ----D---- C:\Program Files\DAEMON Tools Lite
2009-01-29 19:10:08 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-01-29 18:39:34 ----D---- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Lite
2009-01-28 20:27:11 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-28 20:19:18 ----D---- C:\Program Files\Microsoft
2009-01-28 18:58:57 ----D---- C:\WINDOWS\Prefetch
2009-01-28 18:37:24 ----A---- C:\WINDOWS\003586_.tmp
2009-01-28 18:35:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-27 20:57:53 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-27 20:57:34 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-27 20:57:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-27 20:57:31 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-27 20:57:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-27 20:57:27 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-27 20:57:27 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-27 20:57:10 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-27 20:56:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-27 20:56:57 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-27 20:56:55 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-27 20:56:54 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-27 20:52:54 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-27 20:52:52 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-27 20:52:50 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-27 20:52:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-27 20:52:49 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-27 20:52:49 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-27 20:52:49 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-27 20:52:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-27 20:52:42 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-27 20:52:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-27 20:52:21 ----A---- C:\WINDOWS\system32\SET1C6.tmp
2009-01-27 20:52:21 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-27 20:52:21 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-27 20:50:28 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-27 20:50:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-27 20:50:23 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-01-27 20:50:20 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-27 20:50:18 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-27 20:50:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-27 20:50:11 ----N---- C:\WINDOWS\system32\wuaueng.dll
2009-01-27 20:50:11 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-27 20:50:11 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-27 20:50:11 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-27 20:50:09 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-27 20:50:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-27 20:50:05 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-27 20:50:03 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-27 20:50:01 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-27 20:49:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-27 20:49:57 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-27 20:49:55 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-27 20:49:53 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-27 20:49:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-27 20:49:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-27 20:49:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-27 20:49:27 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-27 20:49:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-27 20:49:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-27 20:49:13 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-27 20:49:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-27 20:47:09 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-27 20:40:49 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-27 20:38:19 ----D---- C:\WINDOWS\NV9801524.TMP
2009-01-27 20:35:16 ----A---- C:\WINDOWS\pnplog.txt
2009-01-27 20:31:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-27 20:31:55 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-27 20:31:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-27 20:31:32 ----RA---- C:\WINDOWS\SETCE.tmp
2009-01-27 20:31:29 ----RA---- C:\WINDOWS\SETB9.tmp
2009-01-27 20:29:31 ----A---- C:\WINDOWS\setuplog.txt
2009-01-26 21:00:57 ----D---- C:\Program Files\Support Tools
2009-01-26 17:20:47 ----D---- C:\Program Files\Nick Jr. Arcade
2009-01-24 10:56:20 ----D---- C:\WINDOWS\Minidump
2009-01-24 09:59:40 ----SH---- C:\Boot.bak
2009-01-24 09:59:35 ----RASHD---- C:\cmdcons
2009-01-24 09:53:15 ----D---- C:\WINDOWS\ERDNT
2009-01-23 22:37:28 ----A---- C:\WINDOWS\system32\0b0c3466-.txt
2009-01-23 15:57:18 ----D---- C:\Documents and Settings\All Users\Application Data\gamelab
2009-01-23 15:56:45 ----D---- C:\Program Files\LEGO Fever

======List of files/folders modified in the last 1 months======

2009-02-22 14:02:04 ----RD---- C:\Program Files
2009-02-22 09:48:56 ----D---- C:\WINDOWS\Internet Logs
2009-02-21 22:39:30 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-21 21:32:20 ----D---- C:\games
2009-02-21 20:54:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-21 20:22:35 ----D---- C:\Program Files\Mozilla Firefox
2009-02-19 14:23:41 ----D---- C:\Program Files\LEGO Software
2009-02-19 14:21:17 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-18 20:42:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-16 07:19:17 ----D---- C:\Program Files\Common Files\SupportSoft
2009-02-16 07:19:16 ----D---- C:\Documents and Settings\Tim\Application Data\Motive
2009-02-16 06:36:22 ----D---- C:\WINDOWS\repair
2009-02-16 06:27:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-15 20:59:37 ----D---- C:\WINDOWS\system32
2009-02-15 20:58:27 ----D---- C:\Documents and Settings\Tim\Application Data\AdobeUM
2009-02-15 15:54:17 ----SHD---- C:\WINDOWS\Installer
2009-02-15 15:54:17 ----SHD---- C:\Config.Msi
2009-02-15 15:03:23 ----RSD---- C:\WINDOWS\assembly
2009-02-15 15:03:20 ----D---- C:\WINDOWS\WinSxS
2009-02-15 14:23:55 ----D---- C:\Program Files\Common Files
2009-02-15 14:21:31 ----RSD---- C:\WINDOWS\Fonts
2009-02-14 21:22:16 ----D---- C:\WINDOWS
2009-02-14 21:19:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-14 21:19:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-14 21:19:37 ----HD---- C:\WINDOWS\inf
2009-02-14 21:19:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-14 11:22:01 ----D---- C:\Program Files\Registry Mechanic
2009-02-11 21:43:46 ----D---- C:\Documents and Settings\Tim\Application Data\Uniblue
2009-02-11 21:43:46 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-02-11 19:44:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 19:44:34 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 19:44:24 ----D---- C:\Program Files\Internet Explorer
2009-02-11 19:44:15 ----D---- C:\WINDOWS\ie7updates
2009-02-11 19:20:03 ----D---- C:\repair
2009-02-11 19:14:38 ----D---- C:\Program Files\Real
2009-02-11 19:09:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-11 18:56:19 ----A---- C:\WINDOWS\win.ini
2009-02-11 18:55:59 ----A---- C:\WINDOWS\msoffice.ini
2009-02-11 18:52:31 ----A---- C:\WINDOWS\WININIT.INI
2009-02-11 16:29:44 ----D---- C:\Program Files\Common Files\aol
2009-02-10 20:02:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-08 21:47:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-08 19:12:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-08 13:28:45 ----D---- C:\Program Files\The Learning Company
2009-02-07 21:57:37 ----SHD---- C:\System Volume Information
2009-02-07 21:57:37 ----D---- C:\WINDOWS\system32\Restore
2009-02-07 09:48:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 09:03:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-07 08:55:41 ----A---- C:\WINDOWS\system.ini
2009-02-07 08:52:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-07 08:52:04 ----D---- C:\WINDOWS\system32\config
2009-02-07 08:49:54 ----D---- C:\WINDOWS\AppPatch
2009-02-07 08:14:56 ----D---- C:\Program Files\FlashGet
2009-02-03 16:58:36 ----D---- C:\Program Files\IBM and Crayola
2009-02-03 15:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-31 14:22:00 ----D---- C:\Documents and Settings\Tim\Application Data\SystemRequirementsLab
2009-01-31 10:36:52 ----D---- C:\Documents and Settings\Tim\Application Data\Adobe
2009-01-29 21:00:53 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-29 20:58:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-29 19:29:26 ----D---- C:\Program Files\Windows Media Player
2009-01-29 18:56:19 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-01-29 06:39:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-28 21:51:46 ----D---- C:\WINDOWS\system32\wbem
2009-01-28 20:40:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-28 20:28:50 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-28 20:28:46 ----D---- C:\WINDOWS\system32\en-US
2009-01-28 20:19:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-28 20:16:51 ----D---- C:\Program Files\Messenger
2009-01-28 19:35:37 ----D---- C:\WINDOWS\Help
2009-01-28 19:32:37 ----HDC---- C:\WINDOWS\ie7
2009-01-28 19:14:11 ----D---- C:\WINDOWS\Debug
2009-01-28 19:13:03 ----D---- C:\WINDOWS\security
2009-01-28 18:59:52 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-28 18:59:50 ----D---- C:\WINDOWS\system32\Com
2009-01-28 18:57:57 ----D---- C:\WINDOWS\system32\Setup
2009-01-28 18:52:46 ----RASH---- C:\boot.ini
2009-01-28 18:51:06 ----D---- C:\WINDOWS\ime
2009-01-28 18:49:59 ----D---- C:\WINDOWS\system32\npp
2009-01-28 18:49:59 ----D---- C:\WINDOWS\mui
2009-01-28 18:49:59 ----D---- C:\Program Files\Movie Maker
2009-01-28 18:49:58 ----D---- C:\WINDOWS\srchasst
2009-01-28 18:49:58 ----D---- C:\WINDOWS\msagent
2009-01-28 18:49:57 ----D---- C:\Program Files\NetMeeting
2009-01-28 18:49:56 ----D---- C:\Program Files\Windows NT
2009-01-28 18:49:56 ----D---- C:\Program Files\Outlook Express
2009-01-28 18:49:55 ----D---- C:\Program Files\Common Files\System
2009-01-28 18:49:48 ----D---- C:\WINDOWS\system32\usmt
2009-01-28 18:49:48 ----D---- C:\WINDOWS\system32\oobe
2009-01-28 18:49:47 ----D---- C:\WINDOWS\system
2009-01-28 18:49:06 ----RD---- C:\WINDOWS\Web
2009-01-28 18:48:54 ----RASH---- C:\NTDETECT.COM
2009-01-28 18:35:24 ----D---- C:\WINDOWS\EHome
2009-01-27 21:05:14 ----D---- C:\WINDOWS\nview
2009-01-27 20:58:34 ----D---- C:\WINDOWS\system32\ias
2009-01-27 20:57:58 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-27 20:57:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-27 20:31:46 ----SH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-27 12:24:43 ----D---- C:\WINDOWS\Media
2009-01-27 12:24:39 ----D---- C:\WINDOWS\twain_32
2009-01-27 12:24:15 ----D---- C:\WINDOWS\system32\icsxml
2009-01-27 12:23:31 ----D---- C:\WINDOWS\system32\1033
2009-01-27 12:22:02 ----D---- C:\WINDOWS\Driver Cache
2009-01-24 12:15:05 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2002-03-12 777984]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-11-07 7168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys [2001-12-04 659905]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-05-09 31680]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxlixxujdk.sys []
S3 a3kxzzzc;a3kxzzzc; C:\WINDOWS\system32\drivers\a3kxzzzc.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
S3 PciCon;PciCon; \??\E:\PciCon.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2002-08-29 30208]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UMNDEOA;UMNDEOA; C:\DOCUME~1\Tim\LOCALS~1\Temp\UMNDEOA.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-22 14:06:02

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adventures in Typing with Timon and Pumbaa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9 Adventures in Typing with Timon and Pumbaa
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arthur's Pet Chase-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Arthur\Arthur's Pet Chase\Uninstall.xml"
AudioHQ-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bob the Builder Can Do Zoo - 1.01-->"C:\games\Bob the Builder Can Do Zoo - 1.01\Uninstall.exe" "C:\games\Bob the Builder Can Do Zoo - 1.01\install.log" -u
BS Hacker Unlimited (remove only)-->"C:\games\BS Hacker Unlimited\Uninstall.exe"
Caillou® Magic Playhouse™-->C:\Program Files\The Learning Company\Caillou® Magic Playhouse™\uninstall.exe
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Chutes and Ladders-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Chutes\DeIsL1.isu"
Clifford Phonics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
clrmamepro-->d:\clrmamepro\uninstall.exe
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Surround Mixer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SurMixer.isu"
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Disney's Winnie the Pooh Preschool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09E26120-0322-11D5-B231-0050DACD394D}\setup.exe" Uninstall
Dora's Carnival 2: Boardwalk Adventure-->C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\INSTALL.LOG
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDXCopy Xpress 3.0.0-->"C:\Program Files\321Studios\Xpress\uninstall.exe"
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR340 User's Guide-->C:\Program Files\epson\guide\spr340_e\uninstall.exe
Fisher-Price® - Discovery Farm-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher-Price\FPFarm\DeIsL1.isu"
Fisher-Price® - Toddler-->C:\WINDOWS\UNINST.EXE
Fisher-Price® Ready for Preschool-->C:\WINDOWS\uninst.exe -fC:\Preschool\DeIsL1.isu
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
GetDataBack for NTFS-->"d:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "d:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Go, Diego, Go!: Safari Rescue-->C:\PROGRA~1\NICKJR~1.ARC\GO_DIE~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\GO_DIE~1\INSTALL.LOG
Green Eggs and Ham-->C:\WINDOWS\uninst.exe -fC:\Lvg_Bks\DeIsL1.isu
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Icewind Dale II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
InstallShield Tuner 6.0.1 For Adobe Acrobat-->MsiExec.exe /X{E32FC3D8-D106-425E-9F9E-8BE6E2E79AC9}
Intel® Network Connections 13.4.22.0-->MsiExec.exe /i{999104C6-AC4B-43D3-B8E2-125C0EEA9A71} ARPREMOVE=1
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JumpStart Numbers-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSNumberUn.exe
Kid Phonics-->C:\WINDOWS\UnKid.exe
LEGO Fever (remove only)-->"C:\Program Files\LEGO Fever\Uninstall.exe"
Little People® Discovery Airport-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\FPAirportUn.exe
Lucent Win Modem-->C:\WINDOWS\system32\ltremove.exe -s
Magic 3D Coloring Book Amazing Animals-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Amazing Animals\Uninst.isu"
Magic 3D Coloring Book-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Magic 3D\Uninst.isu"
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Make A Masterpiece™-->C:\WINDOWS\uninst.exe -f"C:\Program Files\IBM and Crayola\Make A Masterpiece\DeIsL1.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrix-ks-->"C:\Program Files\KellySoftware\Matrix-ks\Uninstall.exe" "C:\Program Files\KellySoftware\Matrix-ks\install.log"
Meet Blue's Baby Brother-->C:\PROGRA~1\NICKJR~1.ARC\MEETBL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\MEETBL~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Money 2007-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyAttorney Home And Business-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}
Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NetZero For Riverdeep-->MsiExec.exe /X{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Operation-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Pajama Sam Life is Rough When You Lose Your Stuff-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{56C632F1-E684-4033-8390-1C39A1719B01}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reader Rabbit Math Ages 4-6-->C:\Program Files\The Learning Company\Reader Rabbit Math Ages 4-6\uninstal.exe
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Sanse Playlister Ver1.5-->"C:\Program Files\Sanse Playlister\unins000.exe"
Scholastic's I SPY Junior-->C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG
ScummVM 0.11.1-->"d:\ScummVM\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Space Hack (remove only)-->"C:\games\SpaceHack\Uninstall.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamp ID3 Tag Editor-->C:\Program Files\NCH Swift Sound\Stamp\uninst.exe
Strong Bad - Strong Bad Episode 1 - Homestar Ruiner-->C:\Games\Strong Bad\Uninstall Episode 1 - Homestar Ruiner.exe
Summoner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6D0C78E-11C1-11D5-AAC7-006008A1F6E4}\setup.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TaxCut California 2007-->MsiExec.exe /X{5FF4A578-4588-4ACF-8317-7191FC45F3E1}
TaxCut Premium + State 2007-->MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
The Cat in the Hat-->C:\WINDOWS\uninst.exe -fc:\lvg_bks\DeIsL2.isu
The Print Shop 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe" anything
Tonka Search and Rescue-->C:\HASBRO\TONKA_SR\SR_DEL95.EXE
TONKA TOWN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73C7AD71-747F-4CCF-BD37-E3AE7C532C99}\SETUP.EXE" -l0x9
TurboTax 2008 wcaiper-->MsiExec.exe /I{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090220-0]
FW: ZoneAlarm Firewall

System event log

Computer Name: HAL
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
gkokajzv

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090127153734.000000-480
Event Type: error
User:

Computer Name: HAL
Event Code: 5
Message: Adapter Intel® PRO/100 M Network Connection: Adapter Link Up

Record Number: 4
Source Name: E100B
Time Written: 20090127153713.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 1001
Message: The computer has rebooted from a bugcheck. The bugcheck was:
0x10000050 (0xe67fe000, 0x00000000, 0xf767c8d6, 0x00000001).
A dump was saved in: C:\WINDOWS\Minidump\Mini012709-01.dmp.

Record Number: 3
Source Name: Save Dump
Time Written: 20090127153659.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090127153656.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090127153656.000000-480
Event Type: information
User:

Application event log

Computer Name: HAL
Event Code: 0
Message:
Record Number: 7725
Source Name: MSCamSvc
Time Written: 20090129210355.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 0
Message:
Record Number: 7724
Source Name: MSCamSvc
Time Written: 20090129210355.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 11728
Message: Product: VC 9.0 Runtime -- Configuration completed successfully.

Record Number: 7723
Source Name: MsiInstaller
Time Written: 20090129205949.000000-480
Event Type: information
User: HAL\Tim

Computer Name: HAL
Event Code: 302
Message: MsnMsgr (3412) \\.\C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Messenger\jarvistim@aol.com\SharingMetadata\Working\database_7E00_3033_2F_F0B7\dfsr.db: The database engine has successfully completed recovery steps.

Record Number: 7722
Source Name: ESENT
Time Written: 20090129205409.000000-480
Event Type: information
User:

Computer Name: HAL
Event Code: 301
Message: MsnMsgr (3412) \\.\C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Messenger\jarvistim@aol.com\SharingMetadata\Working\database_7E00_3033_2F_F0B7\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Messenger\jarvistim@aol.com\SharingMetadata\Working\database_7E00_3033_2F_F0B7\fsr.log.

Record Number: 7721
Source Name: ESENT
Time Written: 20090129205408.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Intel\DMIX;C:\Program Files\Support Tools
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------


It seems to have worked. My searches seem to be going where they should!! Thanks a lot!! How did you get so smart? :) :thumbup2: :step4:
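
Reading a driver and service listing like the one above by hand is slow and error-prone, and the things a helper looks for first (an entry whose file is gone, a bare name with no description, a binary that runs from a Temp folder, a boot-start driver the event log says failed to load) are mechanical enough to script. The following Python is an added triage example and is not part of the original post, nor of the tools that produced the log. It parses the listing's "Rn/Sn name;description; path [date size]" lines, adds up a few weighted indicators, and cross-checks the Service Control Manager 7026 event. All function names (parse_entries, score_entry, triage, failed_boot_drivers), the weights and the threshold are my own choices; the reading that empty brackets mean the tool did not find the file, with NT-native "\??\" paths exempted because every such entry in this log has empty brackets regardless of what it is, is an assumption drawn from this log. The sample lines are copied from the listing above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the driver/service listing in the
# RSIT log posted above, names and paths exactly as they appear there.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxlixxujdk.sys []
S3 a3kxzzzc;a3kxzzzc; C:\WINDOWS\system32\drivers\a3kxzzzc.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 PciCon;PciCon; \??\E:\PciCon.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
S4 UMNDEOA;UMNDEOA; C:\DOCUME~1\Tim\LOCALS~1\Temp\UMNDEOA.exe []
"""

# Constructed sample: the Service Control Manager event from the same log.
SAMPLE_EVENT_7026 = """\
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
gkokajzv
"""

# One listing line: <R|S><start> <name>;<description>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
DRIVE_RE = re.compile(r"([A-Za-z]):\\")


@dataclass
class Entry:
    state: str       # R = running, S = stopped
    start: int       # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    meta: str        # "YYYY-MM-DD size", or "" when the tool recorded nothing
    reasons: list = field(default_factory=list)   # (explanation, weight)

    @property
    def score(self):
        return sum(w for _, w in self.reasons)


def parse_entries(text):
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["desc"], m["path"], m["meta"]))
    return entries


def score_entry(e):
    """Arbitrary triage weights (an assumption, not a verdict): add up the indicators."""
    e.reasons = []
    # Assumption from this log: every \??\ (NT native) path has empty brackets,
    # so treat empty meta as "file missing" only for ordinary Win32 paths.
    nt_path = e.path.startswith("\\??\\")
    if e.meta == "" and not nt_path:
        e.reasons.append(("no date/size recorded: file not found at that path", 2))
        if e.start <= 1:
            e.reasons.append(("boot/system-start entry with a missing file (see event 7026)", 1))
    if TEMP_RE.search(e.path):
        e.reasons.append(("binary lives in a Temp directory", 2))
    if e.name.strip().lower() == e.desc.strip().lower():
        e.reasons.append(("no descriptive display name (name equals description)", 1))
    d = DRIVE_RE.search(e.path)
    if d and d.group(1).upper() != "C":
        e.reasons.append(("binary on a non-system drive", 1))
    return e.score


def triage(text, threshold=3):
    """Entries at or above the threshold, highest score first."""
    flagged = [e for e in parse_entries(text) if score_entry(e) >= threshold]
    return sorted(flagged, key=lambda e: (-e.score, e.name.lower()))


def failed_boot_drivers(event_text, entries):
    """Names a 7026 event says failed to load that the listing no longer shows."""
    m = re.search(r"failed to load:\s*(.+)", event_text, re.S)
    if not m:
        return []
    listed = {e.name.lower() for e in entries}
    return [n for n in m.group(1).split() if n.lower() not in listed]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<16} score={e.score}  {e.path}")
        for why, w in e.reasons:
            print(f"     +{w} {why}")
    print("7026 names absent from the listing:",
          failed_boot_drivers(SAMPLE_EVENT_7026, entries))
```

The scores are a prompt to look closer, not a finding: the rtl8139 entry also has empty brackets, but it is a leftover network-card driver with a full description and stays below the threshold, while the three entries that do cross it combine a missing file with either a bare, non-descriptive name or a Temp-directory location. The 7026 cross-check pairs the event log with the listing, so a driver name that failed to load but no longer appears anywhere in the listing is surfaced as a question for the helper rather than silently dropped.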

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:38 AM

Posted 22 February 2009 - 05:40 PM

I don't know about being all that smart, but I have done lots and lots of studying. We have an excellent Malware school here with a lot of great people to work with. Also a lot of great program writers make their tools available to us.

I am glad things are better. :thumbup2: I want to look over your logs and then let my coach do the same so I will get back to you by tomorrow with any last things which could be of assistance.

#9 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:38 AM

Posted 23 February 2009 - 11:54 AM

Everything is looking good from what I see now. I would suggest you take off the older versions of Java which are still showing on your computer and I have listed below. Older versions can at times be exploited by Malware so it's just good housekeeping.



Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}


Additional instructions can be found here if needed




We need to do the same for Adobe Reader:

Please uninstall the older version of Adobe Reader before installing the latest version.

* Click Start
* Control Panel
* Double-click on Add/Remove Programs
* Locate the older version of Adobe Reader and click on Change/Remove to uninstall it
* Click HERE to download the latest version of Adobe Acrobat Reader.
* Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
* Close your Internet browser and open it again.

The following will remove GooredFix for you:

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added, please allow the changes.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Restart
  • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here.
    You can download SpywareBlaster from here.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a HOSTS file. A HOSTS file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double-click on it.
    • On the dropdown box, change the setting from Automatic to Manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here.
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.
  • Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.



If you have any other questions or issues feel free to ask as I will be checking back on this topic.



Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum. :thumbup2:


thewall
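The HOSTS-file step in the post above explains that the file maps website names to IP addresses and that a blocking list such as Spybot's only ever points names at a local sinkhole. As an added example (not code from the thread or from Spybot), the following Python audit separates those blocking entries from entries that send a well-known name somewhere else, which is the kind of HOSTS tampering worth checking when searches are being redirected; the sample file contents are constructed.

```python
"""Audit a Windows HOSTS file. A blocking list such as Spybot S&D's only ever
points names at a sinkhole address (127.0.0.1, 0.0.0.0 or ::1); an entry that
sends a well-known name anywhere else deserves a look when searches redirect.
Added example with constructed sample data, not code from the thread."""
import ipaddress
from dataclasses import dataclass, field

# Names a HOSTS file legitimately maps to loopback; never reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample file (hypothetical contents, not a real machine's).
SAMPLE_HOSTS = """\
# (constructed) typical header comment
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.malware-site.example
0.0.0.0   tracker.example          # inline comment
# no blocking list would add this: a search engine pointed elsewhere
203.0.113.7 www.google.com google.com
this is not a valid line
"""

@dataclass
class HostsAudit:
    sinkholed: dict = field(default_factory=dict)  # name -> sink address
    remapped: dict = field(default_factory=dict)   # name -> other address
    malformed: list = field(default_factory=list)  # 1-based line numbers

def audit_hosts(text: str) -> HostsAudit:
    """Classify every active HOSTS entry; comments and blank lines are skipped."""
    result = HostsAudit()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()       # strip comment, tokenize
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result.malformed.append(lineno)         # first token is not an IP
            continue
        names = [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
        if not names and len(fields) == 1:
            result.malformed.append(lineno)         # address with no hostname
        sink = addr.is_loopback or addr.is_unspecified
        bucket = result.sinkholed if sink else result.remapped
        for name in names:
            bucket[name] = str(addr)
    return result
```

Run it against the contents of %SystemRoot%\System32\drivers\etc\hosts; anything in `remapped` is an entry no blocking list would have added.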

#10 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:10:38 AM

Posted 27 February 2009 - 08:42 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security