Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google Jumping Problem?


  • This topic is locked This topic is locked
10 replies to this topic

#1 Devinispro

Devinispro

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 01 July 2009 - 03:06 PM

For a few days now now I've had this problem where my Google gets redirected and some pages just fail to load, i also cant click on any links in emails so difficult!
it my internet has been going slower in general,

it somehow accessed my Facebook account and sent messages to 160+ people saying click a link all the links i think were broken.. I did a full system scan with SB S&D cleared anything bad. but nothing!

http://www.bleepingcomputer.com/forums/t/237007/google-redirected-help/

I believe it to be the same problem I'm having as "Jumping" also appears and I have been redirected to . I tried the things suggested in that topic and unfortunately they did not work for me; I ran WUS_Fix.exe. nothing...

I'm now posting my own reports in hope that somebody can help me with this problem. Thanks in advance.


and also i dont know if this is related by my external hard drive crashed and it doesnt work any more all the files are missing its seagate 500Gb Free agent




Thank you so much

(devinispro)

Attached Files


Edited by Orange Blossom, 11 February 2013 - 05:28 AM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 05 July 2009 - 08:13 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 Devinispro

Devinispro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 July 2009 - 10:50 PM

everything takes so long to do on the internet and its not my cable.


again thanks for your help in advance

Attached Files



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 06 July 2009 - 12:30 AM

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:

* Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
* Copy and paste all logs requested in you reply, Do not attach them unless asked too.
* If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
* Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
* If I do not hear back from you within 5 days of my last post, then this topic will be closed.


Can you please read the instructions I am writing.

unite.jpg


#5 Devinispro

Devinispro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 08 July 2009 - 10:01 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sparky at 2009-07-05 22:43:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 727 MB (1%) free of 76 GB
Total RAM: 1279 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:39 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Documents and Settings\Sparky\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sparky.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 7925 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-03 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-03 185896]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2007-11-15 166304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-21 29744]
"D-Link Air Utility"=C:\Program Files\D-Link\Air Utility\AirCFG.exe [2003-09-03 3358720]
"ANIWZCSService"=C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe [2003-08-21 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-07-15 4608]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Sparky\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaTrans.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaTrans.exe:LocalSubNet:Enabled:XNA Game Studio 2.0 Transport"
"C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaLiveProxy.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows – LIVE"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bac8741-a240-11dc-9eeb-000cf19d1648}]
shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bac8753-a240-11dc-9eeb-000cf19d1648}]
shell\AutoRun\command - G:\Setup.exe


======List of files/folders created in the last 3 months======

2009-07-05 22:43:28 ----D---- C:\rsit
2009-07-05 03:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-05 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-05 03:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-05 03:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-05 03:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-05 03:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-05 03:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-05 03:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-05 03:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-05 03:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-05 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-05 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-05 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-05 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-05 03:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-05 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-05 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-04 13:02:23 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-04 12:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-03 00:56:02 ----D---- C:\Program Files\drv
2009-07-01 23:16:39 ----D---- C:\Documents and Settings\Sparky\Application Data\Malwarebytes
2009-07-01 23:16:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-01 23:16:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-01 15:00:05 ----D---- C:\Program Files\Trend Micro
2009-06-30 17:24:02 ----D---- C:\Program Files\sys
2009-06-17 14:23:05 ----A---- C:\WINDOWS\system32\ijjiProcessRestarter.exe
2009-06-16 10:38:00 ----D---- C:\Documents and Settings\Sparky\Application Data\Stamps.com Internet Postage
2009-06-16 10:37:09 ----D---- C:\Documents and Settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}
2009-06-16 10:36:51 ----D---- C:\Program Files\Stamps.com Internet Postage
2009-06-16 10:30:14 ----D---- C:\Program Files\Common Files\SWF Studio
2009-06-01 21:12:13 ----D---- C:\Documents and Settings\Sparky\Application Data\eMusic
2009-06-01 20:32:23 ----D---- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
2009-05-08 22:48:04 ----D---- C:\Documents and Settings\Sparky\Application Data\SharePod
2009-04-12 00:33:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-12 00:33:20 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-04-12 00:32:41 ----D---- C:\Program Files\Windows Media Connect 2
2009-04-12 00:32:01 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-04-10 17:26:52 ----D---- C:\Program Files\Tansee iPhone Transfer
2009-04-10 17:17:55 ----D---- C:\Program Files\Tansee iPhone Transfer Contact
2009-04-08 23:09:44 ----D---- C:\Program Files\iPod
2009-04-08 23:09:27 ----D---- C:\Program Files\iTunes
2009-04-08 23:09:27 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 23:08:13 ----D---- C:\Program Files\Bonjour
2009-04-08 23:06:17 ----D---- C:\Program Files\QuickTime
2009-04-08 23:04:26 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 3 months======

2009-07-05 22:42:38 ----D---- C:\WINDOWS\Prefetch
2009-07-05 22:16:39 ----D---- C:\Program Files\Mozilla Firefox
2009-07-05 21:12:43 ----A---- C:\WINDOWS\GunzLauncher.INI
2009-07-05 21:12:32 ----D---- C:\WINDOWS\system32\drivers
2009-07-05 21:08:51 ----D---- C:\WINDOWS\Temp
2009-07-05 03:24:02 ----D---- C:\WINDOWS\system32
2009-07-05 03:24:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-05 03:21:24 ----D---- C:\WINDOWS
2009-07-05 03:19:35 ----D---- C:\WINDOWS\system32\wbem
2009-07-05 03:19:34 ----D---- C:\WINDOWS\AppPatch
2009-07-05 03:18:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 03:13:34 ----HD---- C:\WINDOWS\inf
2009-07-05 03:13:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-05 03:13:26 ----A---- C:\WINDOWS\imsins.BAK
2009-07-05 03:13:14 ----D---- C:\Config.Msi
2009-07-05 03:13:10 ----SHD---- C:\WINDOWS\Installer
2009-07-05 03:12:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-05 03:10:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-05 03:09:49 ----D---- C:\WINDOWS\WinSxS
2009-07-05 03:09:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 03:08:48 ----RSD---- C:\WINDOWS\assembly
2009-07-05 03:03:26 ----D---- C:\WINDOWS\system32\en-US
2009-07-05 03:03:26 ----D---- C:\Program Files\Internet Explorer
2009-07-05 03:02:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-03 23:17:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-03 00:56:02 ----RD---- C:\Program Files
2009-07-01 23:20:40 ----D---- C:\INDYDESK
2009-07-01 23:20:40 ----D---- C:\DELL
2009-06-30 21:50:55 ----D---- C:\Documents and Settings\Sparky\Application Data\uTorrent
2009-06-17 14:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2009-06-17 14:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-16 10:30:14 ----D---- C:\Program Files\Common Files
2009-06-12 15:47:52 ----D---- C:\Documents and Settings\Sparky\Application Data\LimeWire
2009-06-06 09:52:39 ----SD---- C:\Documents and Settings\Sparky\Application Data\Microsoft
2009-06-01 09:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 15:37:01 ----D---- C:\Program Files\BearShare Applications
2009-05-12 20:48:28 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2009-05-07 20:37:30 ----D---- C:\Program Files\Windows Media Player
2009-05-07 10:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-28 23:56:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-28 23:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-28 23:56:01 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-28 23:56:01 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\url.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-28 23:56:00 ----N---- C:\WINDOWS\system32\msrating.dll
2009-04-28 23:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-28 23:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-28 23:55:58 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-28 23:55:57 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-28 23:55:56 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-28 23:55:56 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-28 23:55:56 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-28 23:55:56 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-28 23:55:55 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-28 23:55:55 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 04:05:56 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-28 04:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-25 00:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-15 09:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-12 00:33:01 ----A---- C:\WINDOWS\win.ini
2009-04-12 00:32:24 ----D---- C:\WINDOWS\Help
2009-04-10 17:15:48 ----D---- C:\Documents and Settings\Sparky\Application Data\Apple Computer
2009-04-09 01:06:48 ----D---- C:\WINDOWS\system32\Restore
2009-04-08 23:16:23 ----D---- C:\Program Files\Apple Software Update
2009-04-08 23:14:16 ----SD---- C:\WINDOWS\Tasks
2009-04-08 23:10:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-08 23:09:38 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 drvdrv;drvdrv; \??\C:\Program Files\drv\drv.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a16u242v;a16u242v; C:\WINDOWS\system32\drivers\a16u242v.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-31 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-05-31 20520]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver; C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-07-17 652288]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 drv;drv; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 59296]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-21 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-26 2870429]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2007-11-15 2124192]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 245664]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.06 2009-07-05 22:43:41

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Air Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67BB93E2-60DD-49F5-97CB-3187BAE9D4E6}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}\Setup.exe"
Any Video Converter 2.6.7-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudioConverter Studio 5.9-->"C:\Program Files\AudioConverter Studio\unins000.exe"
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bryce 5.5c-->C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Bryce 5.5\Bryce Uninstall.log
CDDB MP3 Tool (remove only)-->"C:\Program Files\CDDBMP3Tool\uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAZ|Studio 1.5.1.0-->C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Disc2Phone-->MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
eMusic Download Manager 4.1.2-->G:\eMusic Download Manager\uninst.exe
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Gunbound Revolution-->"c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
Hex Workshop v5-->MsiExec.exe /I{26A373DB-162B-4B6E-A488-0BED0F0FB227}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
ijji - Gunz-->C:\Documents and Settings\Sparky\Desktop\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImTOO Zune Video Converter-->C:\Program Files\ImTOO\Zune Video Converter 3\Uninstall.exe
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kazaa 3.2.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC8923CA-D7F5-46E4-98BB-E083E6E1C40D}\Setup.exe" -l0x9 --AddRemove
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {B6B0F76A-873E-438E-BC25-6704193DD344} /package {7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C# 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU-->MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XNA Framework Redistributable 2.0-->MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
Microsoft XNA Game Studio 2.0 (ARP entry)-->MsiExec.exe /I{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}
Microsoft XNA Game Studio 2.0 (Redists)-->MsiExec.exe /I{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}
Microsoft XNA Game Studio 2.0 (shared components)-->MsiExec.exe /I{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}
Microsoft XNA Game Studio 2.0 (spacewar)-->MsiExec.exe /I{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}
Microsoft XNA Game Studio 2.0 (xnaliveproxy)-->MsiExec.exe /I{9B96628C-8898-4FED-9612-25631C27AB13}
Microsoft XNA Game Studio 2.0 Documentation-->MsiExec.exe /I{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}
Microsoft XNA Game Studio 2.0-->c:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Setup\Bootstrapper.exe
Microsoft XNA Game Studio 2.0-->MsiExec.exe /I{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter Simple-->C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Power Tab Librarian-->MsiExec.exe /I{0EEAB659-66AB-4250-BB30-984D92A9AC8C}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamps.com-->"C:\Documents and Settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tansee iPhone Transfer Contact v1.0.0.0-->"C:\Program Files\Tansee iPhone Transfer Contact\unins000.exe"
Tansee iPhone Transfer v5.0-->"C:\Program Files\Tansee iPhone Transfer\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft AutoScreenRecorder 3.1 Pro-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Zune Language Pack (ES)-->MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: JUSTIN
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 17171
Source Name: Disk
Time Written: 20090630052535.000000-300
Event Type: warning
User:

Computer Name: JUSTIN
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 17170
Source Name: Disk
Time Written: 20090630052534.000000-300
Event Type: warning
User:

Computer Name: JUSTIN
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 17169
Source Name: Disk
Time Written: 20090630052036.000000-300
Event Type: warning
User:

Computer Name: JUSTIN
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 17168
Source Name: Disk
Time Written: 20090630052035.000000-300
Event Type: warning
User:

Computer Name: JUSTIN
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 17167
Source Name: Disk
Time Written: 20090630052034.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: JUSTIN
Event Code: 1
Message:
Record Number: 21
Source Name: nview_info
Time Written: 20090630221904.000000-300
Event Type: error
User:

Computer Name: JUSTIN
Event Code: 1
Message:
Record Number: 20
Source Name: nview_info
Time Written: 20090630221605.000000-300
Event Type: error
User:

Computer Name: JUSTIN
Event Code: 1
Message:
Record Number: 19
Source Name: nview_info
Time Written: 20090630221158.000000-300
Event Type: error
User:

Computer Name: JUSTIN
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 8
Source Name: Application Hang
Time Written: 20090626164255.000000-300
Event Type: error
User:

Computer Name: JUSTIN
Event Code: 1002
Message: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 7
Source Name: Application Hang
Time Written: 20090625002222.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

7/4/2009 9:11:36 AM
mbam-log-2009-07-04 (09-11-36).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 176290
Time elapsed: 1 hour(s), 13 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
c:\WINDOWS\pp10.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds.lll (Stolen.data) -> Delete on reboot.
c:\WINDOWS\pp10.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 09 July 2009 - 05:40 AM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#7 Devinispro

Devinispro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 09 July 2009 - 04:39 PM

Im going to use it but i dont belive its going to work.

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 09 July 2009 - 04:41 PM

Why not?

unite.jpg


#9 Devinispro

Devinispro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 09 July 2009 - 07:53 PM

ComboFix 09-07-09.04 - Sparky 07/09/2009 19:23.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.530 [GMT -5:00]
Running from: c:\documents and settings\Sparky\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\123.exe
c:\documents and settings\Sparky\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\sys
c:\windows\cdmxtras
c:\windows\Installer\327975d.msp
c:\windows\Installer\3279773.msp
c:\windows\system32\cache329
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRV
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_drv


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 00:28 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-10 00:28 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-09 05:05 . 2009-07-09 05:05 -------- d-----w- c:\program files\Safari
2009-07-09 04:54 . 2009-07-09 04:54 -------- d-----w- c:\program files\iPod
2009-07-09 04:54 . 2009-07-09 04:54 -------- d-----w- c:\program files\iTunes
2009-07-09 04:51 . 2009-07-09 04:52 -------- d-----w- c:\program files\QuickTime
2009-07-09 04:32 . 2009-07-09 04:32 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-06 03:43 . 2009-07-06 03:43 -------- d-----w- C:\rsit
2009-07-04 18:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-04 18:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-04 18:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-04 18:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-04 18:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-04 18:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-04 18:21 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-04 18:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-04 18:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-04 18:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-04 18:02 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-03 05:56 . 2009-07-03 05:56 -------- d-----w- c:\program files\drv
2009-07-02 04:16 . 2009-07-02 04:16 -------- d-----w- c:\documents and settings\Sparky\Application Data\Malwarebytes
2009-07-02 04:16 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 04:16 . 2009-07-02 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 04:16 . 2009-07-02 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-02 04:16 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:00 . 2009-07-01 20:00 -------- d-----w- c:\program files\Trend Micro
2009-07-01 03:58 . 2009-07-01 03:58 1 ----a-w- c:\windows\123312sd345fdg.dat
2009-07-01 03:11 . 2009-07-01 03:11 1915520 ----a-w- c:\documents and settings\Sparky\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-17 19:23 . 2009-06-03 22:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-06-17 19:23 . 2008-08-20 15:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PLauncher.exe
2009-06-17 19:23 . 2009-05-27 23:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\ExLauncher.exe
2009-06-17 19:23 . 2008-09-04 21:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\ijjiPrePLauncher.exe
2009-06-17 19:23 . 2009-05-26 22:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-06-16 15:38 . 2009-06-16 15:53 -------- d-----w- c:\documents and settings\Sparky\Application Data\Stamps.com Internet Postage
2009-06-16 15:37 . 2009-06-16 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}
2009-06-16 15:37 . 2009-02-04 18:02 321108 ----a-w- c:\documents and settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}\mia.dll
2009-06-16 15:37 . 2009-02-04 18:02 5120077 ----a-w- c:\documents and settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}\stamps.exe
2009-06-16 15:36 . 2009-06-16 15:53 -------- d-----w- c:\program files\Stamps.com Internet Postage
2009-06-16 15:36 . 2009-06-16 15:38 36 ---ha-w- c:\windows\system32\f9t.dat
2009-06-16 15:36 . 2009-06-16 15:36 -------- d-----w- c:\documents and settings\Sparky\Local Settings\Application Data\Seven Zip
2009-06-16 15:30 . 2009-06-16 15:30 -------- d-----w- c:\program files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 22:10 . 2007-12-03 06:16 -------- d-----w- c:\documents and settings\Sparky\Application Data\uTorrent
2009-07-09 04:54 . 2007-12-03 06:31 -------- d-----w- c:\program files\Common Files\Apple
2009-07-09 04:49 . 2007-12-03 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-05 08:12 . 2007-12-06 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-04 04:17 . 2009-02-15 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-17 19:24 . 2008-03-06 04:52 480688 ----a-w- c:\documents and settings\Sparky\Application Data\ijjigame\ijjistarter2FxB.exe
2009-06-17 19:23 . 2007-12-16 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-06-12 20:47 . 2007-12-11 05:49 -------- d-----w- c:\documents and settings\Sparky\Application Data\LimeWire
2009-06-05 16:42 . 2009-04-09 04:04 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2007-12-03 06:31 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 02:12 . 2009-06-02 02:12 -------- d-----w- c:\documents and settings\Sparky\Application Data\eMusic
2009-06-02 01:40 . 2009-06-02 01:32 -------- d-----w- c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro
2009-05-31 04:28 . 2009-05-31 04:28 390664 ----a-w- c:\documents and settings\Sparky\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 21:59 . 2009-06-02 02:03 51200 ----a-w- c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
2009-05-26 21:59 . 2009-06-02 02:03 114688 ----a-w- c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\npmozax.dll
2009-05-14 20:37 . 2009-02-21 07:03 -------- d-----w- c:\program files\BearShare Applications
2009-05-13 01:48 . 2008-03-09 05:04 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-11 03:52 . 2009-03-04 00:33 1878984 ----a-w- c:\documents and settings\Sparky\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-01-22 04:04 . 2008-01-22 04:04 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-15 4608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-22 29744]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-03 3358720]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]

c:\documents and settings\Sparky\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Kazaa\\kazaa.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36160:TCP"= 36160:TCP:limeww
"8085:TCP"= 8085:TCP:*:Disabled:drv

R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/3/2009 12:56 AM 9344]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/28/2008 1:21 AM 33752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/31/2008 9:35 PM 13352]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2008 11:04 PM 29744]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\drivers\PRISMNDS.sys [7/17/2003 1:58 PM 652288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0C06-D0C0-DF43-B7E3-CC52C00095D0}]
c:\windows\system32\Glider 1.5.3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemonsearch.com/
uInternet Connection Wizard,ShellNext = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - eMusic Customized Web Search
FF - prefs.js: browser.startup.homepage - gmail.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=2&q=
FF - component: c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Sparky\Application Data\Mozilla\Firefox\Profiles\r7m5yb9x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 19:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40A989BD-7025-C982-6898-E96D01152DEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagcenjhbenfhofdnp"=hex:6a,61,67,70,66,67,67,70,6a,61,67,64,66,6b,6f,70,6e,61,
70,6a,00,f1
"haaikakocmhmipmd"=hex:6a,61,67,70,66,67,67,70,6a,61,67,64,66,6b,6f,70,6e,61,
70,6a,00,00

[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,29,7b,da,f4,cc,88,cf,08,a3,ba,67,cd,b8,e4,69,83,88,e0,84,b0,8e,87,
63,88,3a,20,bb,b9,f9,24,88,66,81,e5,51,71,cd,a8,d6,5e,d4,87,c4,a0,0d,cf,45,\
"??"=hex:29,ac,4b,2a,ca,dc,c1,f1,34,a8,84,71,9b,ff,18,2a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\nview.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-10 19:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 00:38

Pre-Run: 2,018,271,232 bytes free
Post-Run: 2,266,775,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

240 --- E O F --- 2009-07-07 19:42






































Thanks for all your help idk if it worked.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 10 July 2009 - 06:48 PM

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent, Kazaa and Limewire). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\123312sd345fdg.dat
Folder::
c:\program files\drv
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-
Driver::
drvdrv
Regnull::
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40A989BD-7025-C982-6898-E96D01152DEB}*]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Edited by syler, 10 July 2009 - 06:50 PM.

unite.jpg


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 AM

Posted 15 July 2009 - 06:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users