Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE: Antivirus System Pro / freddy49


  • Please log in to reply
10 replies to this topic

#1 smhelums

smhelums

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 04 July 2009 - 05:38 PM

I believe the virus got loaded through my daughter's Facebook account. I seem to have fixed the problem with the Antivirus System Pro ( it was bringing up all the anti virus messages and then navigating to porn sites in IE!). I removed the sysguard.exe and a couple other items that I found in my registry and on my computer. I couldn't find most of the files that the instructions told me to remove.

After booting back up, the problem with Antivirus seemed to be gone, however, there is still a freddy49.exe worm running. When my daughter tries to login to her Facebook account, IE immediately closes and sometimes another application on my computer opens.

I downloaded HiJackThis from Trend Micro and ran the analyzer. Here is the output file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:36 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\WINDOWS\TEMP\KL99C3.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\freddy49.exe
C:\WINDOWS\Explorer.EXE
K:\download\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ardmore.mediacomtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 surety.microsoft.com
O1 - Hosts: 209.44.111.62 aware-protect.com
O1 - Hosts: 209.44.111.62 www.aware-protect.com
O1 - Hosts: 211.95.78.66 amofbanking.
O1 - Hosts: 211.95.78.66 telebanking.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Flitterbug - {1402DF89-8043-44E9-AFE8-CB3DB644EF7D} - C:\Program Files\Flitterbug Toolbar\Flitterbug.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy49.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2 Driver] smsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'Default user')
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094003700406
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Win32 USB2 Driver (Microsoft Config) - Unknown owner - C:\WINDOWS\System32\smsc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 11804 bytes


Any ideas on what else I need to do to fix this? I want to delete her Facebook account, or at least change her password, but it won't let me on my desktop. I have a laptop, but I don't want to risk infecting it. Please help.

Thanks,
Susan

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 09 July 2009 - 12:42 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 smhelums

smhelums
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 11 July 2009 - 11:07 PM

Thanks for the help. Here are the 4 log files.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2408
Windows 5.1.2600 Service Pack 3

7/11/2009 3:50:49 PM
mbam-log-2009-07-11 (15-50-49).txt

Scan type: Full Scan (C:\|K:\|)
Objects scanned: 332053
Time elapsed: 2 hour(s), 23 minute(s), 23 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 8
Files Infected: 31

Memory Processes Infected:
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\freddy49.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8ceb3db-c293-415e-a2ee-8325c2cb9ded} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8ceb3db-c293-415e-a2ee-8325c2cb9ded} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Win32 USB2 Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\AV9 (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy49.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Susan\local settings\temporary internet files\Content.IE5\VBB2QA4P\fb.49[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\00032200 (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\00045C45.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\00045D30.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\00045DFB.bmp (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\0BA3958F.bin (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\0BA396B8.bin (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\0BA397B2.bin (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\6199B03E (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings\settings.dat (Adware.MyWay) -> Quarantined and deleted successfully.
c:\program files\MyWay\myBar\Settings\settings.htm (Adware.MyWay) -> Quarantined and deleted successfully.
c:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf5087.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\smsc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#4 smhelums

smhelums
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 11 July 2009 - 11:11 PM

RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Susan at 2009-07-11 15:59:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 664 MB (2%) free of 38 GB
Total RAM: 1278 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:45 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\WINDOWS\TEMP\AVBDC0.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Susan\Desktop\RSIT.exe
K:\download\HiJackThis\Susan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediacomtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 surety.microsoft.com
O1 - Hosts: 209.44.111.62 aware-protect.com
O1 - Hosts: 209.44.111.62 www.aware-protect.com
O1 - Hosts: 211.95.78.66 amofbanking.
O1 - Hosts: 211.95.78.66 telebanking.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Flitterbug - {1402DF89-8043-44E9-AFE8-CB3DB644EF7D} - C:\Program Files\Flitterbug Toolbar\Flitterbug.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2 Driver] smsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'Default user')
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094003700406
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\jayomeni.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Win32 USB2 Driver (Microsoft Config) - Unknown owner - C:\WINDOWS\System32\smsc.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 11093 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2003-03-16 711168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1402DF89-8043-44E9-AFE8-CB3DB644EF7D} - Flitterbug - C:\Program Files\Flitterbug Toolbar\Flitterbug.dll [2003-09-07 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-22 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2009-02-17 718120]
"POINTER"=point32.exe []
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-04-07 249856]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Microsoft Works Update Detection"=???\WkDetect.exe []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"PowerBar"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-09 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-08-23 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfotoNow USB Detection]
C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL [2002-11-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-11-07 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-05-22 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-05-30 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2004-02-25 665088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-01 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2007-08-06 375808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe [2007-08-06 1492480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2007-08-06 1192960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-12-11 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-12-16 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
C:\PROGRA~1\BRODER~1\PRINTM~1\PMremind.exe [2001-12-11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-12-27 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-06-29 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Susan\Start Menu\Programs\Startup
Anapod Manager.lnk - K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\jayomeni.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\jayomeni.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\mmc.exe"="C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe"="C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe:*:Disabled:Bejeweled2"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"K:\LimeWire\LimeWire.exe"="K:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe"="C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Disabled:TiVo Beacon Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Disabled:TiVo Desktop User Interface"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"K:\Program Files\Red Chair Software\Anapod Explorer\ANAMGR.EXE"="K:\Program Files\Red Chair Software\Anapod Explorer\ANAMGR.EXE:*:Enabled:Anapod Xtreamer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-07-11 15:59:35 ----D---- C:\rsit
2009-07-11 12:03:40 ----D---- C:\Documents and Settings\Susan\Application Data\Malwarebytes
2009-07-11 12:03:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-11 12:03:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-11 12:00:10 ----D---- C:\WINDOWS\ERDNT
2009-07-11 11:59:44 ----D---- C:\Program Files\ERUNT
2009-07-09 14:19:51 ----A---- C:\WINDOWS\DCEBoot.exe
2009-07-04 15:17:31 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-06-11 03:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-25 20:59:15 ----D---- C:\Documents and Settings\Susan\Application Data\Canon
2009-05-11 20:38:08 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-05-11 20:37:50 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-05-10 15:03:57 ----A---- C:\WINDOWS\system32\CNMLM8U.DLL
2009-05-09 01:14:52 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-05-08 17:46:45 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-04-17 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 03:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 16:01:31 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 17:41:14 ----D---- C:\Documents and Settings\Susan\Application Data\Sony Corporation
2009-04-12 17:38:21 ----D---- C:\Program Files\Sony
2009-04-12 17:36:54 ----D---- C:\Documents and Settings\Susan\Application Data\InstallShield

======List of files/folders modified in the last 3 months======

2009-07-11 15:55:12 ----D---- C:\WINDOWS\Temp
2009-07-11 15:53:52 ----D---- C:\Program Files\lg_fwupdate
2009-07-11 15:53:50 ----A---- C:\WINDOWS\lgfwup.ini
2009-07-11 15:53:32 ----SD---- C:\WINDOWS\Tasks
2009-07-11 15:53:32 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-07-11 15:52:20 ----D---- C:\WINDOWS\SYSTEM32
2009-07-11 15:52:19 ----RD---- C:\Program Files
2009-07-11 15:52:19 ----D---- C:\WINDOWS\system32\DRIVERS
2009-07-11 15:51:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-11 15:51:41 ----D---- C:\WINDOWS\Prefetch
2009-07-11 15:50:48 ----D---- C:\WINDOWS
2009-07-11 15:26:04 ----D---- C:\WINDOWS\system32\WBEM
2009-07-11 06:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-09 17:46:49 ----SHD---- C:\Config.Msi
2009-07-09 14:19:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-08 17:20:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-06 13:49:40 ----SHD---- C:\WINDOWS\Installer
2009-07-06 13:49:23 ----D---- C:\Program Files\Safari
2009-07-04 23:13:21 ----D---- C:\WINDOWS\system32\Restore
2009-07-04 15:17:38 ----HD---- C:\WINDOWS\INF
2009-07-04 15:16:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-01 22:26:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-30 13:58:23 ----D---- C:\Documents and Settings\Susan\Application Data\Apple Computer
2009-06-11 15:46:59 ----A---- C:\WINDOWS\cfgall.ini
2009-06-11 03:07:25 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-06-11 03:06:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:14 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:03:14 ----D---- C:\Program Files\Internet Explorer
2009-06-01 11:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-20 14:37:49 ----A---- C:\tmuninst.ini
2009-05-17 22:18:02 ----D---- C:\Documents and Settings\Susan\Application Data\Vso
2009-05-17 19:51:15 ----D---- C:\MyWorks
2009-05-14 20:14:48 ----D---- C:\WINDOWS\system32\Macromed
2009-05-10 15:11:34 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-10 14:54:25 ----D---- C:\WINDOWS\Media
2009-05-10 14:54:14 ----D---- C:\WINDOWS\TWAIN_32
2009-05-07 10:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-28 23:56:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-28 23:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\url.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\occache.dll
2009-04-28 23:56:01 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-28 23:56:00 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-28 23:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-28 23:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-28 23:55:55 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-28 23:55:55 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 04:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 04:05:56 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 00:26:23 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-04-17 03:18:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 03:13:12 ----D---- C:\WINDOWS\AppPatch
2009-04-15 09:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-12 17:40:30 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-05-30 259072]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-05-30 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-05-30 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-02-17 76304]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-05-30 213120]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-05-30 21737]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-05-23 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-11-07 335888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-05-30 22713]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2009-02-17 918824]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-08-06 864768]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2009-02-17 988456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Microsoft Config;Win32 USB2 Driver; C:\WINDOWS\System32\smsc.exe -netsvcs []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 TmPfw;OfficeScanNT Personal Firewall; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2009-02-17 488768]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-15 652552]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-01 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-07-11 15:59:51

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
01November05-->C:\Program Files\01November05\uninstall.exe
02September04-->C:\Program Files\02September04\uninstall.exe
03January04-->C:\Program Files\03January04\uninstall.exe
03September04-->C:\Program Files\03September04\uninstall.exe
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
Algebra 2 7.0-->"C:\WINDOWS\Algebra 2\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\Algebra 2\irunin.xml"
Anapod CopyGear (remove only)-->"C:\Program Files\Red Chair Software\Shared\anagear_uninst.exe"
Anapod Explorer (remove only)-->"K:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\Setup.exe" -l0x9 -uninst
Avery Wizard 2.1 for Microsoft® Word 2002-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Borders, Corners and More-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Brush Lettering Software-->C:\EKSUCC~1\BRUSHL~1\UNWISE.EXE C:\EKSUCC~1\BRUSHL~1\INSTALL.LOG
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Click'N Design 3D (V5)-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Color Me Kids-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
Combine PagePrintables Vol. 1 and Vol. 2-->C:\PAGEPR~2\UNWISE.EXE C:\PAGEPR~2\INSTALL.LOG
Compatibility Pack for the 2007 Office system (Beta)-->MsiExec.exe /X{30120000-0020-0409-0000-0000000FF1CE}
Cook-ie Crumbs-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Creative Delights Companion-->C:\PROGRA~1\LDSUPR~1\UNWISE.EXE C:\PROGRA~1\LDSUPR~1\INSTALL.LOG
Creative Lettering Combo-->C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\INSTALL.LOG
Creative Memories Memory Manager 2-->MsiExec.exe /I{20AE84B6-5BD6-4BE4-84F0-9104A84647E0}
Creative Memories StoryBook Creator-->MsiExec.exe /I{61FB6755-AFAF-4629-BD46-387F4BD3097C}
Cut & Copy for Computer CD Clip Art-->C:\DJInkers\DJUninst.EXE C:\DJInkers\INSTALL.LOG
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DS21Patch-->MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
DVDFab Platinum 3.0.4.0 Ghosthunter release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON PERF 1670 Guide-->C:\Program Files\epson\guide\perf1670_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Family Frenzy-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
Flitterbug Toolbar v.1.0-->"C:\Program Files\Flitterbug Toolbar\unins000.exe"
FotoFusionV4-->C:\WINDOWS\FotoFusionV4 Uninstaller.exe
Geometry 7.0-->"C:\WINDOWS\Geometry\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\Geometry\irunin.xml"
Get Framed-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hallmark Card Studio 2008-->MsiExec.exe /X{747A6A10-DA58-48C2-A1F0-C15514419C8A}
HijackThis 2.0.2-->"K:\download\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
InterVideo XPack (DVD Only)-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LD Supreme Update (5.2.4.2)-->C:\PROGRA~1\LDSUPR~1\UNWISE.EXE C:\PROGRA~1\LDSUPR~1\INSTALL.LOG
LD Supreme Web (5.2.4.2)-->C:\PROGRA~1\LDSUPR~1\UNWISE.EXE C:\PROGRA~1\LDSUPR~1\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LimeWire 4.12.11-->"K:\LimeWire\uninstall.exe"
LUMIX Simple Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Publishing 2001-->MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Publisher 98-->C:\Program Files\Microsoft Office\Office\Setup\Setup.exe /m
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Movie Converter V2 (remove only)-->C:\Program Files\Movie Converter V2\uninst.exe -c
MSN & Yahoo Message Archive Viewer 2.0-->"C:\Program Files\MYMA Decoder and Viewer\unins000.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetMeeting Resource Kit 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\nmrk.inf,NMRK.Remove
OfotoNow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2875A5F5-E613-4F99-9B47-8882C9DD24A5}\Setup.exe" -l0x9 anything
OLYMPUS Master 2-->MsiExec.exe /X{0815D55A-5EFF-4E1B-8C04-7035E914D90D}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{EC047FA6-E83D-4326-9195-E7D306C5B9A2}
PagePrintables Vol. 2-->C:\PAGEPR~2\UNWISE.EXE C:\PAGEPR~2\INSTALL.LOG
PagePrintables-->C:\PAGEPR~1\UNWISE.EXE C:\PAGEPR~1\INSTALL.LOG
pcCrafter - Toolbar-->regsvr32 /u /s "C:\Program Files\Flitterbug Toolbar\Flitterbug.dll"
pcHugBug Browser Deluxe-->C:\PCHUGW~1\PCHUGB~1\UNWISE.EXE C:\PCHUGW~1\PCHUGB~1\INSTALL.LOG
pcHugWare AutoUpdater-->C:\PCHUGW~1\AUTOUP~1\UNWISE.EXE C:\PCHUGW~1\AUTOUP~1\INSTALL.LOG
Philips RUSH Audio Player (128 MB)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2B28CEE-4FA1-4D9E-BECD-CDA064AFB7CD}\Setup.exe" -l0x9
PHOTOfunSTUDIO -viewer--->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe" -l0x9 Package
PhotoSite AlbumBuilder-->C:\Program Files\Homestead\PhotoSite AlbumBuilder\hkuninst.exe -path C:\Program Files\Homestead\PhotoSite AlbumBuilder
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picture Package Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
Poems for Posterity-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"
PrintMaster 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}\setup.exe" -l0x9 anything
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Remember When-->C:\PCHUGW~1\UNWISE.EXE C:\PCHUGW~1\Install.log
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Scrapbook Factory Deluxe 3.0-->MsiExec.exe /X{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Snowman Collection-->MsiExec.exe /I{76DC71B9-B81D-47C9-8A99-96251356DE28}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Spy Sweeper-->C:\WINDOWS\unSpySweeper.exe
Super Yahoo Messenger Archive Decoder-->"C:\Program Files\Super Yahoo Messenger Archive Decoder\uninstall.exe"
TiVo Desktop 2.5-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Trend Micro OfficeScan Client-->"C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Universal Media Player-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LocalAutorun\Uninst.isu"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Wal-Mart Music Downloads Store-->MsiExec.exe /I{7EE454FB-531E-47F9-BA45-ED65496EEB09}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}

======Hosts File======

127.0.0.1 localhost
::1 localhost
209.44.111.62 surety.microsoft.com
209.44.111.62 aware-protect.com
209.44.111.62 www.aware-protect.com
211.95.78.66 amofbanking.
211.95.78.66 telebanking.

======Security center information======

AV: Trend Micro OfficeScan Antivirus
FW: Trend Micro OfficeScan Enterprise Client Firewall (disabled)
FW: Trend Micro Personal Firewall (disabled)

======System event log======

Computer Name: HELUMS
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 47196
Source Name: W32Time
Time Written: 20090516124140.000000-300
Event Type: warning
User:

Computer Name: HELUMS
Event Code: 6161
Message: The document Warrior Schedule 2009.xls owned by Susan failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 262144. Number of bytes printed: 50216. Total number of pages in the document: 10. Number of pages printed: 0. Client machine: \\HELUMS. Win32 error code returned by the print processor: 13 (0xd).

Record Number: 47185
Source Name: Print
Time Written: 20090515215104.000000-300
Event Type: error
User: HELUMS\Susan

Computer Name: HELUMS
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 47173
Source Name: W32Time
Time Written: 20090515095509.000000-300
Event Type: warning
User:

Computer Name: HELUMS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D5656C364. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 47169
Source Name: Dhcp
Time Written: 20090515071932.000000-300
Event Type: warning
User:

Computer Name: HELUMS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D5656C364. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 47165
Source Name: Dhcp
Time Written: 20090515024918.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: HELUMS
Event Code: 1002
Message: Hanging application PhoebeLE.exe, version 1.10.11.54, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 59613
Source Name: Application Hang
Time Written: 20081206212224.000000-360
Event Type: error
User:

Computer Name: HELUMS
Event Code: 1002
Message: Hanging application pspa.exe, version 4.0.0.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 59035
Source Name: Application Hang
Time Written: 20081124203107.000000-360
Event Type: error
User:

Computer Name: HELUMS
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16735, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00079065.

Record Number: 58983
Source Name: Application Error
Time Written: 20081123190805.000000-360
Event Type: error
User:

Computer Name: HELUMS
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 58697
Source Name: Application Hang
Time Written: 20081117211430.000000-360
Event Type: error
User:

Computer Name: HELUMS
Event Code: 1002
Message: Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 58599
Source Name: Application Hang
Time Written: 20081115201812.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\MICROS~4\Office;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

GAMERS result:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-11 23:00:25
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? xbzcbof.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 12 July 2009 - 02:24 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic, if you ever want to use ComboFix, please have a look at below tutorial.. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 smhelums

smhelums
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 12 July 2009 - 04:11 PM

Thanks again for the help!

Combofix Log:

ComboFix 09-07-12.01 - Susan 07/12/2009 15:30.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.777 [GMT -5:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {AE19DB24-98F0-42D8-95F0-C06DBEF73CBC}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {AE19DB24-98F0-42D8-95F0-C06DBEF73CBC}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Installer\5ae87.msi
c:\windows\system32\drivers\fad.sys
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
K:\Autorun.inf

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 20:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-12 20:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-11 20:59 . 2009-07-12 04:03 -------- d-----w- C:\rsit
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\documents and settings\Susan\Application Data\Malwarebytes
2009-07-11 17:03 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 17:03 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 16:59 . 2009-07-11 16:59 -------- d-----w- c:\program files\ERUNT
2009-07-09 19:19 . 2009-07-09 20:34 10752 ----a-w- c:\windows\DCEBoot.exe
2009-07-04 20:16 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-04 16:53 . 2009-07-04 16:53 1 ----a-w- c:\windows\123312sd345fdg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 20:41 . 2006-07-26 23:04 -------- d-----w- c:\program files\lg_fwupdate
2009-07-12 12:59 . 2006-12-26 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 18:49 . 2009-01-20 01:33 -------- d-----w- c:\program files\Safari
2009-07-05 00:07 . 2007-12-17 01:26 51640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-04 20:17 . 2009-07-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-04 20:17 . 2009-07-04 20:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-30 18:58 . 2007-05-29 03:19 -------- d-----w- c:\documents and settings\Susan\Application Data\Apple Computer
2009-05-26 01:59 . 2009-05-26 01:59 -------- d-----w- c:\documents and settings\Susan\Application Data\Canon
2009-05-18 03:18 . 2007-05-24 03:29 -------- d-----w- c:\documents and settings\Susan\Application Data\Vso
2009-05-09 23:25 . 2009-05-09 23:25 174244 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-09 06:14 . 2009-05-09 06:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-06-25 05:24 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2004-10-01 20:00 . 2006-07-26 22:54 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2002-08-29 11:00 . 2002-08-29 11:00 94784 -csh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12 . 2002-08-29 11:00 50688 --sh--w- c:\windows\twain_32.dll
2009-03-25 02:55 . 2006-08-27 14:41 168 --sh--r- c:\windows\SYSTEM32\CCB023EFA2.sys
2009-03-25 02:55 . 2006-08-19 20:44 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2008-04-14 00:11 . 2002-08-29 11:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 . 2002-08-29 11:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 . 2002-08-29 11:00 343040 --sha-w- c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 . 2002-08-29 11:00 11776 --sh--w- c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="???\WkDetect.exe" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-02-17 718120]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-04-07 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
Anapod Manager.lnk - k:\program files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-12-27 1076276]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-8-11 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
backup=c:\windows\pss\Event Planner Reminder 2008.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"k:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"k:\\Program Files\\Red Chair Software\\Anapod Explorer\\ANAMGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"28887:TCP"= 28887:TCP:Trend Micro OfficeScan Listener

R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [8/29/2002 6:00 AM 14336]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/6/2007 11:12 AM 864768]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [11/9/2005 9:34 PM 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 9:34 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [4/1/2008 10:47 PM 335888]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2/17/2009 11:36 PM 33752]
S3 TmPfw;OfficeScanNT Personal Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [12/12/2008 2:57 PM 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [12/12/2008 2:57 PM 652552]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-07-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 23:54]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)
HKLM-Run-POINTER - point32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mediacomtoday.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3908)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\temp\AC47B0.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-12 15:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 20:55

Pre-Run: 1,575,948,288 bytes free
Post-Run: 2,313,510,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

208 --- E O F --- 2009-07-12 19:34


HiJackThis Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:27 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\AC47B0.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
K:\download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediacomtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Flitterbug - {1402DF89-8043-44E9-AFE8-CB3DB644EF7D} - C:\Program Files\Flitterbug Toolbar\Flitterbug.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094003700406
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 10107 bytes

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 12 July 2009 - 04:34 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\123312sd345fdg.dat
c:\windows\temp\AC47B0.EXE

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 smhelums

smhelums
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 14 July 2009 - 08:49 PM

ComboFix log file:

ComboFix 09-07-14.05 - Susan 07/14/2009 19:12.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.841 [GMT -5:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Susan\Desktop\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {AE19DB24-98F0-42D8-95F0-C06DBEF73CBC}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {AE19DB24-98F0-42D8-95F0-C06DBEF73CBC}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\windows\123312sd345fdg.dat"
"c:\windows\temp\AC47B0.EXE"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\123312sd345fdg.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-12 20:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-12 20:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-11 20:59 . 2009-07-12 04:03 -------- d-----w- C:\rsit
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\documents and settings\Susan\Application Data\Malwarebytes
2009-07-11 17:03 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 17:03 . 2009-07-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 17:03 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 16:59 . 2009-07-11 16:59 -------- d-----w- c:\program files\ERUNT
2009-07-09 19:19 . 2009-07-09 20:34 10752 ----a-w- c:\windows\DCEBoot.exe
2009-07-04 20:16 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 00:30 . 2006-07-26 23:04 -------- d-----w- c:\program files\lg_fwupdate
2009-07-14 15:01 . 2006-12-26 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 18:49 . 2009-01-20 01:33 -------- d-----w- c:\program files\Safari
2009-07-05 00:07 . 2007-12-17 01:26 51640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-04 20:17 . 2009-07-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-04 20:17 . 2009-07-04 20:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-30 18:58 . 2007-05-29 03:19 -------- d-----w- c:\documents and settings\Susan\Application Data\Apple Computer
2009-05-26 01:59 . 2009-05-26 01:59 -------- d-----w- c:\documents and settings\Susan\Application Data\Canon
2009-05-18 03:18 . 2007-05-24 03:29 -------- d-----w- c:\documents and settings\Susan\Application Data\Vso
2009-05-09 23:25 . 2009-05-09 23:25 174244 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-09 06:14 . 2009-05-09 06:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2002-08-29 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-08-29 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 20:00 . 2006-07-26 22:54 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2002-08-29 11:00 . 2002-08-29 11:00 94784 -csh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12 . 2002-08-29 11:00 50688 --sh--w- c:\windows\twain_32.dll
2009-03-25 02:55 . 2006-08-27 14:41 168 --sh--r- c:\windows\SYSTEM32\CCB023EFA2.sys
2009-03-25 02:55 . 2006-08-19 20:44 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2008-04-14 00:11 . 2002-08-29 11:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 . 2002-08-29 11:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 . 2002-08-29 11:00 343040 --sha-w- c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 . 2002-08-29 11:00 11776 --sh--w- c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-12_20.41.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 00:27 . 2009-02-17 16:20 296224 c:\windows\temp\DW9232.EXE
+ 2009-07-14 22:50 . 2009-07-14 22:50 176128 c:\windows\ERDNT\AutoBackup\7-14-2009\Users\00000002\UsrClass.dat
+ 2009-07-14 22:50 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-14-2009\ERDNT.EXE
+ 2009-07-13 12:57 . 2009-07-13 12:57 167936 c:\windows\ERDNT\AutoBackup\7-13-2009\Users\00000002\UsrClass.dat
+ 2009-07-13 12:57 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-13-2009\ERDNT.EXE
+ 2009-07-12 20:43 . 2009-07-12 20:43 167936 c:\windows\ERDNT\AutoBackup\7-12-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 20:43 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-12-2009\ERDNT.EXE
+ 2009-07-14 22:50 . 2009-07-14 22:50 7577600 c:\windows\ERDNT\AutoBackup\7-14-2009\Users\00000001\NTUSER.DAT
+ 2009-07-13 12:57 . 2009-07-13 12:57 7577600 c:\windows\ERDNT\AutoBackup\7-13-2009\Users\00000001\NTUSER.DAT
+ 2009-07-12 20:43 . 2009-07-12 20:43 7577600 c:\windows\ERDNT\AutoBackup\7-12-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="???\WkDetect.exe" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-02-17 718120]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-04-07 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
Anapod Manager.lnk - k:\program files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-12-27 1076276]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-8-11 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
backup=c:\windows\pss\Event Planner Reminder 2008.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"k:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"k:\\Program Files\\Red Chair Software\\Anapod Explorer\\ANAMGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"28887:TCP"= 28887:TCP:Trend Micro OfficeScan Listener

R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [8/29/2002 6:00 AM 14336]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/6/2007 11:12 AM 864768]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [11/9/2005 9:34 PM 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 9:34 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [4/1/2008 10:47 PM 335888]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2/17/2009 11:36 PM 33752]
S3 TmPfw;OfficeScanNT Personal Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [12/12/2008 2:57 PM 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [12/12/2008 2:57 PM 652552]
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mediacomtoday.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(600)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\temp\DW9232.EXE
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-15 19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 00:43
ComboFix2.txt 2009-07-12 20:56

Pre-Run: 2,457,513,984 bytes free
Post-Run: 2,508,001,280 bytes free

200 --- E O F --- 2009-07-12 19:34

HiJackThis Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:16 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\DW9232.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
K:\download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediacomtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Flitterbug - {1402DF89-8043-44E9-AFE8-CB3DB644EF7D} - C:\Program Files\Flitterbug Toolbar\Flitterbug.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094003700406
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 9970 bytes

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 15 July 2009 - 12:51 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 smhelums

smhelums
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:11 PM

Posted 16 July 2009 - 08:24 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=bfb4bc71ae4be04c97d8d9662594a1b7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-17 01:09:18
# local_time=2009-07-16 08:09:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=224235
# found=6
# cleaned=6
# scan_time=8919
C:\Program Files\LumaPix\FotoFusionV4\collage.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2055\A0150467.exe a variant of Win32/Kryptik.WY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2060\A0151798.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ib.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\unast.exe a variant of Win32/TrojanDownloader.VB.AH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\AST.exe a variant of Win32/TrojanDownloader.VB.AH trojan (deleted - quarantined) 00000000000000000000000000000000 C

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 17 July 2009 - 02:23 AM

Looks good to me.. Lets do some cleanup...


Please download OTCl and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users