
Browser Hijack - Redirected to various search engines


  • This topic is locked
12 replies to this topic

#1 creso

creso

  • Members
  • 6 posts

Posted 09 July 2009 - 05:56 PM

Hi, I recently got infected with some sort of browser hijack malware that I am unable to remove. When I search for something on google, sometimes when I click on a result I get redirected to a random search engine site or adware site. Any help would be greatly appreciated. Now for the logs:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Creso at 18:48:27.59 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2358 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\games\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Creso\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uRun: [BackgroundSwitcher] "c:\program files\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "d:\games\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-9 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2005-3-22 28672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-21 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\creso\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\creso\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-07-09 18:41 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-09 17:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-09 17:28 <DIR> --d----- c:\docume~1\creso\applic~1\SUPERAntiSpyware.com
2009-07-09 17:27 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-09 17:27 <DIR> --d----- c:\docume~1\creso\applic~1\Malwarebytes
2009-07-09 17:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 17:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-09 16:34 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 16:34 <DIR> --d----- c:\program files\Lavasoft
2009-07-09 01:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-09 01:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-09 00:52 <DIR> --d----- c:\docume~1\creso\applic~1\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2009-07-09 00:52 <DIR> --d----- c:\program files\eBay Desktop
2009-07-08 19:36 <DIR> --d----- c:\program files\ColorPic 4.1
2009-07-07 18:14 <DIR> --d----- c:\program files\Paint.NET
2009-07-07 13:27 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-07 01:01 <DIR> --d----- c:\program files\UnzipThemAll
2009-07-02 14:03 <DIR> --d----- c:\program files\Patchou
2009-07-01 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-30 01:13 <DIR> --d----- c:\program files\OpenAL
2009-06-30 01:12 <DIR> --d----- c:\program files\common files\Futuremark Shared
2009-06-30 01:11 <DIR> --d----- c:\program files\Futuremark
2009-06-29 23:36 <DIR> --d----- c:\program files\THQ
2009-06-29 23:35 <DIR> --d----- c:\program files\AMD
2009-06-29 19:07 <DIR> --d----- c:\program files\ATI Technologies
2009-06-29 18:01 <DIR> --d----- c:\program files\Driver Sweeper
2009-06-29 14:54 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-28 23:34 <DIR> --d----- c:\program files\CCleaner
2009-06-28 22:07 <DIR> --d----- c:\program files\iPod
2009-06-28 22:07 <DIR> --d----- c:\program files\iTunes
2009-06-28 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 13:59 <DIR> --d----- c:\program files\Jacob Hickman
2009-06-22 19:21 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-22 19:21 <DIR> --d----- c:\program files\eRightSoft
2009-06-22 19:14 <DIR> --d----- c:\program files\Vstplugins
2009-06-22 19:14 <DIR> --d----- c:\program files\Sony
2009-06-22 18:18 <DIR> --d----- c:\program files\Sony Setup
2009-06-17 23:23 <DIR> --d----- c:\program files\QuickPar
2009-06-17 23:08 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-15 19:59 <DIR> --d----- c:\docume~1\creso\applic~1\Costco Photo Viewer US
2009-06-15 17:14 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-06-15 17:14 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-13 23:06 <DIR> --dsh--- c:\documents and settings\creso\PrivacIE
2009-06-13 21:55 <DIR> --dsh--- c:\documents and settings\creso\IETldCache

==================== Find3M ====================

2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-03-22 12:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032220090323\index.dat

============= FINISH: 18:49:51.46 ===============


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 July 2009 - 12:24 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

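The MBAM report requested above has a fixed text layout (the original poster pastes one later in this thread). The following Python helper is an added example, not code from the thread, from BleepingComputer or from Malwarebytes: it parses that layout into records, checks that the per-section counts in the summary block match the detail lines (a mismatch usually means the paste was cut short, which is the first thing a helper reading such a log wants to know), and flags Security Center notification values the scan reported as switched off. The embedded sample report is constructed in the same layout; its Security Center entries mirror the ones in the poster's log, and the file paths are invented.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text reports.

Added example, not code from the thread, BleepingComputer or Malwarebytes.
Parses the report layout pasted in this thread, verifies summary counts
against detail lines, and flags Security Center values reported as tampered.
"""
import re
from collections import defaultdict

# Constructed sample in the MBAM 1.x report layout. The Security Center lines
# mirror the entries in the poster's real log; the file paths are made up.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.38
Database version: 2404
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210700

Memory Processes Infected: 0
Registry Data Items Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
d:\apps\example-download\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files (x86)\example\dropper.dll (Trojan.Agent) -> Delete on reboot.
"""

# "Files Infected: 2" (summary line) or "Files Infected:" (start of a detail section)
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<object> (<Detection.Name>) [-> Bad: (x) Good: (y)] -> <action>."
# The object is matched non-greedily but the trailing " -> <action>" anchor forces
# it to extend over parentheses inside a path such as "program files (x86)".
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)

SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"


def parse_mbam_log(text):
    """Return (declared_counts, findings).

    declared_counts: section name -> integer from the summary block.
    findings: section name -> list of dicts (object, detection, bad, good, action).
    """
    declared = {}
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                declared[m.group("name")] = int(m.group("count"))
                section = None                 # still inside the summary block
            else:
                section = m.group("name")      # a detail section follows
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m is None:
            continue                           # unrecognised line; keep going
        findings[section].append(m.groupdict())
    return declared, dict(findings)


def count_mismatches(declared, findings):
    """Sections whose summary count differs from the number of detail lines.

    Returns {section: (declared, parsed)}. A non-empty result usually means the
    pasted report was truncated and should be requested again in full.
    """
    return {
        name: (n, len(findings.get(name, [])))
        for name, n in declared.items()
        if n != len(findings.get(name, []))
    }


def security_center_tampering(findings):
    """Values under the XP Security Center key that the scan reported as bad.

    AntiVirusDisableNotify / FirewallDisableNotify = 1 suppress the warnings a
    user would otherwise see when protection is off. Returns
    [(value_name, bad, good), ...] in report order.
    """
    hits = []
    for item in findings.get("Registry Data Items Infected", []):
        key, _, value_name = item["object"].rpartition("\\")
        if key.lower() == SECURITY_CENTER_KEY.lower():
            hits.append((value_name, item["bad"], item["good"]))
    return hits


def triage(text):
    """One-call summary used by the command-line demo below."""
    declared, findings = parse_mbam_log(text)
    return {
        "declared": declared,
        "findings": findings,
        "mismatches": count_mismatches(declared, findings),
        "security_center": security_center_tampering(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, items in report["findings"].items():
        print(f"{name}: {len(items)}")
        for it in items:
            print(f"  {it['detection']:<24} {it['action']:<36} {it['object']}")
    print("count mismatches:", report["mismatches"] or "none")
    print("Security Center values disabled:", [v for v, _, _ in report["security_center"]])
```

Run it on a saved report with `python mbam_triage.py` after replacing `SAMPLE_LOG` with the file's contents; the count check is deliberately strict, because a log with "Files Infected: 2" but only one detail line tells the helper nothing about the second file.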


#3 creso

creso
  • Topic Starter

  • Members
  • 6 posts

Posted 22 July 2009 - 03:50 PM

I'm pretty sure I removed the problem (I ran SDFix I think a few days after I made this post) but here's my logs anyway.




#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 23 July 2009 - 12:25 AM

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

* Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
* Copy and paste all logs requested in your reply. Do not attach them unless asked to.
* If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
* Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
* If I do not hear back from you within 5 days of my last post, then this topic will be closed.


Please make sure you read my instructions, and repost the logs if you still need my help.



#5 creso

creso
  • Topic Starter

  • Members
  • 6 posts

Posted 23 July 2009 - 12:54 AM

Malwarebytes' Anti-Malware 1.38
Database version: 2404
Windows 5.1.2600 Service Pack 3

7/18/2009 11:56:22 AM
mbam-log-2009-07-18 (11-56-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210700
Time elapsed: 1 hour(s), 7 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\apps\xilisoft.ipod.to.pc.copy.v1.0.54.1102.incl.keygen-virility\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1b734c65-66cc-429b-b4e0-1f0703918e7c}\rp10\A0003072.exe (Malware.Packer) -> Quarantined and deleted successfully.

info.txt

info.txt logfile of random's system information tool 1.06 2009-07-18 01:42:39

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark06-->"C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -runfromtemp -l0x0009 -removeonly
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArmA2 Uninstall-->D:\games\ArmA 2\UnInstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ColorPic-->C:\WINDOWS\ColorPic Uninstaller.exe
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CPUID CPU-Z 1.51-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Driver Sweeper 1.5.5-->"C:\Program Files\Driver Sweeper\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
eBay Desktop-->MsiExec.exe /X{72A819E7-4146-B9EA-1292-C4A77F657B4E}
EVEREST Corporate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes Global Hotkeys-->MsiExec.exe /I{A502304D-38DE-4486-8128-5A3D285717DB}
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
John's Background Switcher 3.6-->C:\Program Files\johnsadventures.com\John's Background Switcher\uninst.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Patchou IRC Log Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Patchou\IRC Log Viewer\Uninst.isu"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Prototype™-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RivaTuner v2.24-->"C:\Program Files\RivaTuner v2.24\uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
UnzipThemAll 1.3-->"C:\Program Files\UnzipThemAll\unins000.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Vegas Movie Studio 9.0-->MsiExec.exe /X{CF58B132-4C67-4E0A-BE3D-8DADB1E32258}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: CRESO-DESKTOP
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromlite-on_dvdrw_shw-160p6s________________ps0a____#5&1d11b849&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.

Record Number: 11742
Source Name: LDMS
Time Written: 20090709201725.000000-240
Event Type: error
User:

Computer Name: CRESO-DESKTOP
Event Code: 1003
Message: Error code 10000050, parameter1 ff266a7f, parameter2 00000000, parameter3 b9e4fdeb, parameter4 00000000.

Record Number: 11739
Source Name: System Error
Time Written: 20090709195817.000000-240
Event Type: error
User:

Computer Name: CRESO-DESKTOP
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromlite-on_dvdrw_shw-160p6s________________ps0a____#5&1d11b849&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.

Record Number: 11719
Source Name: LDMS
Time Written: 20090709195746.000000-240
Event Type: error
User:

Computer Name: CRESO-DESKTOP
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromlite-on_dvdrw_shw-160p6s________________ps0a____#5&1d11b849&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.

Record Number: 11695
Source Name: LDMS
Time Written: 20090709183738.000000-240
Event Type: error
User:

Computer Name: CRESO-DESKTOP
Event Code: 51
Message: An error was detected on device \Device\Harddisk3\D during a paging operation.

Record Number: 11679
Source Name: Disk
Time Written: 20090709163435.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: CRESO-DESKTOP
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03aed6b0.

Record Number: 373
Source Name: Application Error
Time Written: 20090622184719.000000-240
Event Type: error
User:

Computer Name: CRESO-DESKTOP
Event Code: 1517
Message: Windows saved user CRESO-DESKTOP\Creso registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 363
Source Name: Userenv
Time Written: 20090622024410.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CRESO-DESKTOP
Event Code: 1517
Message: Windows saved user CRESO-DESKTOP\Creso registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 350
Source Name: Userenv
Time Written: 20090621023335.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CRESO-DESKTOP
Event Code: 1517
Message: Windows saved user CRESO-DESKTOP\Creso registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 344
Source Name: Userenv
Time Written: 20090620030128.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CRESO-DESKTOP
Event Code: 1002
Message: Hanging application vlc.exe, version 0.9.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 333
Source Name: Application Hang
Time Written: 20090618030803.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Creso at 2009-07-22 16:47:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 3071 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:28 PM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Creso\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\NewsLeecher\newsLeecher.exe
F:\FILES\SETUP\OSE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Creso\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Creso.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\games\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Creso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5935 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1336601894-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1336601894-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-02 17530368]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-09 520024]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BackgroundSwitcher"=C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [2009-03-09 1093952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Steam"=D:\games\Steam\Steam.exe [2009-06-14 1217784]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Google Update"=C:\Documents and Settings\Creso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\games\Steam\steamapps\bobgreen5s\darwinia demo\darwinia.exe"="D:\games\Steam\steamapps\bobgreen5s\darwinia demo\darwinia.exe:*:Enabled:Darwinia Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe"="C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe:LocalSubNet:Disabled:Command & Conquer™ Red Alert™ 3"
"D:\games\BF2\BF2.exe"="D:\games\BF2\BF2.exe:*:Enabled:Battlefield 2"
"D:\games\Prototype\prototypef.exe"="D:\games\Prototype\prototypef.exe:*:Enabled:Prototype™"
"D:\games\Steam\steamapps\bobgreen5s\counter-strike source\hl2.exe"="D:\games\Steam\steamapps\bobgreen5s\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\games\Steam\steamapps\bobgreen5s\garrysmod\hl2.exe"="D:\games\Steam\steamapps\bobgreen5s\garrysmod\hl2.exe:*:Enabled:hl2"
"D:\games\Wolfenstein - Enemy Territory\ET.exe"="D:\games\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\games\Steam\steamapps\bobgreen5s\team fortress 2\hl2.exe"="D:\games\Steam\steamapps\bobgreen5s\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"C:\Documents and Settings\Creso\Local Settings\temp\953cae6d97d3498bb0d955609548e637\RelicDownloader.exe"="C:\Documents and Settings\Creso\Local Settings\temp\953cae6d97d3498bb0d955609548e637\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7198819c-6d99-11de-b5c9-806d6172696f}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e746fc-59f1-11de-9ebc-0016177389c3}]
shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
shell\configure\command - F:\SETUP.EXE
shell\install\command - F:\SETUP.EXE


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-22 14:02:27 ----D---- C:\WINDOWS\LastGood
2009-07-19 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-18 01:42:24 ----D---- C:\rsit
2009-07-18 01:40:01 ----D---- C:\SDFix
2009-07-17 17:38:40 ----D---- C:\Documents and Settings\Creso\Application Data\Windows Search
2009-07-17 17:35:21 ----HD---- C:\WINDOWS\PIF
2009-07-17 17:34:40 ----D---- C:\Documents and Settings\Creso\Application Data\Windows Desktop Search
2009-07-17 17:34:07 ----D---- C:\Program Files\Windows Desktop Search
2009-07-17 17:34:06 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-07-17 17:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-17 17:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-14 20:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 20:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 20:04:29 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 20:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 19:46:07 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-10 19:41:36 ----D---- C:\Program Files\EA Games
2009-07-10 15:31:04 ----D---- C:\Program Files\Avira
2009-07-10 15:31:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-10 15:17:42 ----SHD---- C:\RECYCLER
2009-07-10 15:16:18 ----SD---- C:\ComboFix
2009-07-10 15:15:39 ----A---- C:\Copy of ComboFix.txt
2009-07-10 15:15:15 ----D---- C:\WINDOWS\temp
2009-07-10 15:15:14 ----A---- C:\ComboFix.txt
2009-07-10 14:52:37 ----A---- C:\Boot.bak
2009-07-10 14:52:33 ----RASHD---- C:\cmdcons
2009-07-10 14:50:47 ----D---- C:\WINDOWS\ERDNT
2009-07-10 14:19:47 ----D---- C:\Documents and Settings\Creso\Application Data\WinRAR
2009-07-10 13:50:30 ----D---- C:\WINDOWS\ERUNT
2009-07-10 13:48:40 ----D---- C:\WINDOWS\CSC
2009-07-10 13:48:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-09 21:40:28 ----D---- C:\Program Files\CPUID
2009-07-09 21:37:54 ----D---- C:\Program Files\Lavalys
2009-07-09 19:17:05 ----D---- C:\Program Files\ATITool
2009-07-09 18:41:43 ----D---- C:\Program Files\Trend Micro
2009-07-09 17:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-09 17:28:08 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-09 17:28:08 ----D---- C:\Documents and Settings\Creso\Application Data\SUPERAntiSpyware.com
2009-07-09 17:27:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-09 17:27:24 ----D---- C:\Documents and Settings\Creso\Application Data\Malwarebytes
2009-07-09 17:27:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-09 17:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-09 16:39:20 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-09 16:34:45 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 16:34:41 ----D---- C:\Program Files\Lavasoft
2009-07-09 16:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-09 13:27:12 ----D---- C:\BJPrinter
2009-07-09 13:27:03 ----RA---- C:\WINDOWS\system32\CFFHWUD.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\UCS32P.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\MPMASDLL.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\MPIMGENH.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\MPASSMON.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\ITLIB32.DLL
2009-07-09 13:27:02 ----RA---- C:\WINDOWS\system32\CANOIT32.EXE
2009-07-09 01:19:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-09 01:19:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:52:44 ----D---- C:\Documents and Settings\Creso\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2009-07-09 00:52:41 ----D---- C:\Program Files\eBay Desktop
2009-07-09 00:52:37 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-08 20:24:57 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-07-08 19:36:24 ----D---- C:\Program Files\ColorPic 4.1
2009-07-08 19:36:24 ----A---- C:\WINDOWS\ColorPic Uninstaller.exe
2009-07-07 18:14:55 ----D---- C:\Program Files\Paint.NET
2009-07-07 13:53:19 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-07-07 13:31:54 ----D---- C:\Program Files\Adobe Media Player
2009-07-07 13:28:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-07 13:27:47 ----D---- C:\Program Files\Adobe
2009-07-07 13:27:23 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-07-07 13:26:16 ----D---- C:\Program Files\Common Files\Adobe
2009-07-07 01:01:14 ----A---- C:\WINDOWS\system32\unzip32.dll
2009-07-07 01:01:14 ----A---- C:\WINDOWS\system32\unrar.dll
2009-07-07 01:01:14 ----A---- C:\WINDOWS\system32\UNACEV2.DLL
2009-07-07 01:01:13 ----D---- C:\Program Files\UnzipThemAll
2009-07-02 14:03:04 ----D---- C:\Program Files\Patchou
2009-07-02 14:02:51 ----A---- C:\WINDOWS\IsUninst.exe
2009-07-01 14:40:32 ----D---- C:\Documents and Settings\Creso\Application Data\dvdcss
2009-07-01 03:00:19 ----D---- C:\Program Files\MSXML 4.0
2009-06-30 15:55:13 ----D---- C:\Program Files\Notepad++
2009-06-30 15:55:13 ----D---- C:\Documents and Settings\Creso\Application Data\Notepad++
2009-06-30 01:13:11 ----D---- C:\Program Files\OpenAL
2009-06-30 01:13:11 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-30 01:13:11 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-30 01:12:40 ----D---- C:\WINDOWS\system32\Futuremark
2009-06-30 01:12:40 ----D---- C:\Program Files\Common Files\Futuremark Shared
2009-06-30 01:11:52 ----D---- C:\Program Files\Futuremark
2009-06-29 23:36:05 ----D---- C:\Program Files\THQ
2009-06-29 23:35:13 ----D---- C:\Program Files\AMD
2009-06-29 19:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-06-29 19:07:58 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-06-29 19:07:39 ----D---- C:\Program Files\ATI Technologies
2009-06-29 18:02:06 ----A---- C:\WINDOWS\WININIT.INI
2009-06-29 18:01:02 ----D---- C:\Program Files\Driver Sweeper
2009-06-29 14:54:48 ----D---- C:\Program Files\RivaTuner v2.24
2009-06-29 13:57:26 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-29 13:57:03 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-06-28 23:34:49 ----D---- C:\Program Files\CCleaner
2009-06-28 22:07:16 ----D---- C:\Program Files\iPod
2009-06-28 22:07:14 ----D---- C:\Program Files\iTunes
2009-06-28 22:07:14 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 22:06:12 ----D---- C:\Program Files\QuickTime
2009-06-26 20:14:50 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-06-26 20:14:50 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-06-26 20:14:50 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-26 20:14:49 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-06-26 20:14:49 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-26 20:14:49 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-06-26 20:14:49 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-25 16:46:45 ----N---- C:\WINDOWS\system32\px.dll
2009-06-25 16:46:43 ----D---- C:\Program Files\Winamp
2009-06-25 16:46:43 ----D---- C:\Documents and Settings\Creso\Application Data\Winamp
2009-06-23 13:59:51 ----D---- C:\Program Files\Jacob Hickman

======List of files/folders modified in the last 1 months======

2009-07-22 16:47:14 ----D---- C:\WINDOWS\Prefetch
2009-07-22 16:40:20 ----D---- C:\Documents and Settings\Creso\Application Data\.purple
2009-07-22 14:37:01 ----SHD---- C:\WINDOWS\Installer
2009-07-22 14:02:33 ----HD---- C:\WINDOWS\inf
2009-07-22 14:02:33 ----D---- C:\WINDOWS\system32\DirectX
2009-07-22 14:02:27 ----D---- C:\WINDOWS
2009-07-22 14:02:14 ----D---- C:\WINDOWS\WinSxS
2009-07-22 13:44:31 ----D---- C:\Program Files\SpeedFan
2009-07-22 13:31:49 ----D---- C:\WINDOWS\system32
2009-07-22 13:31:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-22 13:31:04 ----D---- C:\Program Files\Mozilla Firefox
2009-07-22 13:27:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-22 03:09:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 19:38:35 ----D---- C:\Documents and Settings\Creso\Application Data\uTorrent
2009-07-18 11:58:08 ----RD---- C:\Program Files
2009-07-18 11:58:08 ----D---- C:\WINDOWS\system32\drivers
2009-07-17 17:53:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-17 17:34:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-17 17:34:08 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 17:34:06 ----D---- C:\WINDOWS\system32\wbem
2009-07-17 17:33:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 19:36:56 ----SD---- C:\WINDOWS\Tasks
2009-07-14 20:05:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 20:04:36 ----D---- C:\WINDOWS\Debug
2009-07-10 19:48:21 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-10 19:46:08 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-10 18:53:56 ----D---- C:\Program Files\NewsLeecher
2009-07-10 17:25:09 ----SHD---- C:\System Volume Information
2009-07-10 17:25:09 ----D---- C:\WINDOWS\system32\Restore
2009-07-10 15:09:14 ----A---- C:\WINDOWS\system.ini
2009-07-10 15:04:48 ----D---- C:\WINDOWS\AppPatch
2009-07-10 15:04:36 ----D---- C:\Program Files\Common Files
2009-07-10 14:52:38 ----RASH---- C:\boot.ini
2009-07-10 13:53:01 ----D---- C:\WINDOWS\Minidump
2009-07-09 19:58:03 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-09 16:35:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-08 20:29:12 ----D---- C:\Documents and Settings\Creso\Application Data\Adobe
2009-07-08 20:11:44 ----RSD---- C:\WINDOWS\Fonts
2009-07-07 18:15:26 ----RSD---- C:\WINDOWS\assembly
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-29 19:08:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-29 19:06:12 ----D---- C:\Documents and Settings\Creso\Application Data\Apple Computer
2009-06-29 13:50:02 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-28 22:07:15 ----D---- C:\Program Files\Common Files\Apple
2009-06-23 14:23:32 ----SD---- C:\Documents and Settings\Creso\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2009-02-03 170496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-04 5045760]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 ULI5261XP;ULi M526X Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a0qkg6t9;a0qkg6t9; C:\WINDOWS\system32\drivers\a0qkg6t9.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\DOCUME~1\Creso\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Creso\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-10 75064]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-07 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-09 1029456]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:37 AM

Posted 23 July 2009 - 01:05 AM

You have posted an old MBAM log, please update it then run another scan and post the results.


#7 creso

  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:37 PM

Posted 23 July 2009 - 07:42 PM

Here ya go:

Malwarebytes' Anti-Malware 1.39
Database version: 2482
Windows 5.1.2600 Service Pack 3

7/23/2009 8:40:57 PM
mbam-log-2009-07-23 (20-40-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 210550
Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:37 AM

Posted 24 July 2009 - 06:41 AM

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by syler, 24 July 2009 - 06:42 AM.


#9 creso

  • Topic Starter
  • Members
  • 6 posts
  • Local time:09:37 PM

Posted 25 July 2009 - 02:34 PM

My Kaspersky scan came up clean, but my browser crashed so I couldn't save the log (I would run it again except it took 6 hours the first time).

ComboFix 09-07-23.04 - Creso 07/24/2009 14:24.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2383 [GMT -4:00]
Running from: c:\documents and settings\Creso\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.

2009-07-24 01:22 . 2009-07-24 01:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-23 22:16 . 2009-07-23 22:16 -------- d-----w- c:\program files\Google
2009-07-23 18:05 . 2009-07-23 18:05 -------- d-----w- c:\documents and settings\Creso\Application Data\Command & Conquer 3 Kane's Wrath
2009-07-22 23:09 . 2009-07-22 23:09 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-18 05:42 . 2009-07-18 05:42 -------- d-----w- C:\rsit
2009-07-18 05:40 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-07-17 21:38 . 2009-07-17 21:38 -------- d-----w- c:\documents and settings\Creso\Application Data\Windows Search
2009-07-17 21:35 . 2009-07-17 21:35 -------- d--h--w- c:\windows\PIF
2009-07-17 21:34 . 2009-07-22 21:27 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-17 21:34 . 2009-07-17 21:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-17 21:33 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-17 21:33 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-17 21:33 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-07-15 23:36 . 2009-07-18 03:42 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\Temp
2009-07-15 23:36 . 2009-07-23 22:16 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\Google
2009-07-10 23:46 . 2009-07-10 23:46 139152 ----a-w- c:\documents and settings\Creso\Application Data\PnkBstrK.sys
2009-07-10 23:46 . 2009-07-10 23:46 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-10 23:41 . 2009-07-10 23:41 -------- d-----w- c:\program files\EA Games
2009-07-10 23:41 . 2009-06-25 20:36 1291640 ----a-w- c:\documents and settings\Creso\Application Data\Mozilla\Firefox\Profiles\pxfpzkw1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-07-10 23:41 . 2009-06-25 20:36 729088 ----a-w- c:\documents and settings\Creso\Application Data\Mozilla\Firefox\Profiles\pxfpzkw1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-07-10 19:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 19:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 19:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 19:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 19:31 . 2009-07-10 19:31 -------- d-----w- c:\program files\Avira
2009-07-10 19:31 . 2009-07-10 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 18:07 . 2009-07-10 18:07 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-10 17:50 . 2009-07-10 17:50 -------- d-----w- c:\windows\ERUNT
2009-07-10 05:24 . 2009-07-10 05:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-10 01:40 . 2009-07-10 01:40 -------- d-----w- c:\program files\CPUID
2009-07-10 01:40 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-07-10 01:37 . 2009-07-10 01:37 -------- d-----w- c:\program files\Lavalys
2009-07-09 23:17 . 2009-07-09 23:17 -------- d-----w- c:\program files\ATITool
2009-07-09 22:41 . 2009-07-09 22:41 -------- d-----w- c:\program files\Trend Micro
2009-07-09 21:28 . 2009-07-10 19:10 117760 ----a-w- c:\documents and settings\Creso\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-09 21:28 . 2009-07-09 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-09 21:28 . 2009-07-09 21:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-09 21:28 . 2009-07-09 21:28 -------- d-----w- c:\documents and settings\Creso\Application Data\SUPERAntiSpyware.com
2009-07-09 21:27 . 2009-07-09 21:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-09 21:27 . 2009-07-09 21:27 -------- d-----w- c:\documents and settings\Creso\Application Data\Malwarebytes
2009-07-09 21:27 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 21:27 . 2009-07-23 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 21:27 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 21:27 . 2009-07-09 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 20:39 . 2009-07-09 20:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 20:34 . 2009-07-09 20:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 20:34 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-09 20:34 . 2009-07-09 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-09 20:34 . 2009-07-09 20:34 -------- d-----w- c:\program files\Lavasoft
2009-07-09 17:27 . 2009-07-09 17:27 -------- d-----w- C:\BJPrinter
2009-07-09 17:27 . 2001-10-19 19:38 565248 ----a-r- c:\windows\system32\CFFHWUD.DLL
2009-07-09 17:27 . 2001-10-19 19:45 135168 ----a-r- c:\windows\system32\MPMASDLL.DLL
2009-07-09 17:27 . 2001-10-19 19:40 61440 ----a-r- c:\windows\system32\MPASSMON.DLL
2009-07-09 17:27 . 2001-10-19 19:38 118784 ----a-r- c:\windows\system32\MPIMGENH.DLL
2009-07-09 17:27 . 2000-06-07 19:02 323645 ----a-r- c:\windows\system32\UCS32P.DLL
2009-07-09 17:27 . 2000-04-13 12:02 119808 ----a-r- c:\windows\system32\ITLIB32.DLL
2009-07-09 17:27 . 2000-04-13 12:02 45056 ----a-r- c:\windows\system32\CANOIT32.EXE
2009-07-09 17:05 . 2009-07-09 17:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-09 05:19 . 2009-07-09 05:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-09 05:19 . 2009-07-09 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 04:52 . 2009-07-09 04:52 -------- d-----w- c:\documents and settings\Creso\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2009-07-09 04:52 . 2009-07-09 04:52 38208 ----a-w- c:\documents and settings\Creso\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-09 04:52 . 2009-07-09 04:52 -------- d-----w- c:\program files\eBay Desktop
2009-07-09 04:52 . 2009-07-09 04:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-08 23:36 . 2009-07-08 23:36 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2009-07-08 23:36 . 2009-07-08 23:36 -------- d-----w- c:\program files\ColorPic 4.1
2009-07-07 22:14 . 2009-07-07 22:15 -------- d-----w- c:\program files\Paint.NET
2009-07-07 22:14 . 2009-07-14 18:24 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\Paint.NET
2009-07-07 17:53 . 2009-07-07 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-07 17:31 . 2009-07-07 17:31 -------- d-----w- c:\program files\Adobe Media Player
2009-07-07 17:30 . 2009-07-07 18:40 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\Adobe
2009-07-07 17:27 . 2009-07-07 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-07 17:26 . 2009-07-09 00:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-07 05:01 . 2005-09-16 02:40 160768 ----a-w- c:\windows\system32\unrar.dll
2009-07-07 05:01 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\UNACEV2.DLL
2009-07-07 05:01 . 2005-03-01 03:52 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-07-07 05:01 . 2009-07-07 05:01 -------- d-----w- c:\program files\UnzipThemAll
2009-07-02 18:03 . 2009-07-02 18:03 -------- d-----w- c:\program files\Patchou
2009-07-02 18:02 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-01 18:40 . 2009-07-23 00:04 -------- d-----w- c:\documents and settings\Creso\Application Data\dvdcss
2009-07-01 07:00 . 2009-07-01 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 19:55 . 2009-06-30 19:55 -------- d-----w- c:\documents and settings\Creso\Application Data\Notepad++
2009-06-30 19:55 . 2009-06-30 19:55 -------- d-----w- c:\program files\Notepad++
2009-06-30 05:13 . 2009-06-30 05:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-30 05:13 . 2009-06-30 05:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-30 05:13 . 2009-06-30 05:13 -------- d-----w- c:\program files\OpenAL
2009-06-30 05:12 . 2009-06-30 05:12 -------- d-----w- c:\windows\system32\Futuremark
2009-06-30 05:12 . 2009-06-30 05:12 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-06-30 05:12 . 2008-09-17 18:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-06-30 05:11 . 2009-06-30 05:11 -------- d-----w- c:\program files\Futuremark
2009-06-30 03:36 . 2009-06-30 03:36 -------- d-----w- c:\program files\THQ
2009-06-30 03:35 . 2007-06-29 18:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2009-06-30 03:35 . 2009-06-30 03:35 -------- d-----w- c:\program files\AMD
2009-06-29 23:10 . 2009-06-29 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-29 23:07 . 2009-02-25 19:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-29 23:07 . 2009-06-29 23:08 -------- d-----w- c:\program files\ATI Technologies
2009-06-29 22:01 . 2009-06-29 22:01 -------- d-----w- c:\program files\Driver Sweeper
2009-06-29 18:54 . 2009-06-29 18:57 -------- d-----w- c:\program files\RivaTuner v2.24
2009-06-29 03:34 . 2009-06-29 03:34 -------- d-----w- c:\program files\CCleaner
2009-06-29 02:07 . 2009-06-29 02:07 -------- d-----w- c:\program files\iPod
2009-06-29 02:07 . 2009-06-29 02:07 -------- d-----w- c:\program files\iTunes
2009-06-29 02:07 . 2009-06-29 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 02:06 . 2009-06-29 02:06 -------- d-----w- c:\program files\QuickTime
2009-06-29 02:04 . 2009-06-29 02:04 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-27 17:03 . 2009-06-27 17:03 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\World in Conflict
2009-06-27 00:23 . 2009-06-27 00:23 -------- d-----w- c:\documents and settings\Creso\Local Settings\Application Data\ArmA 2
2009-06-27 00:14 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-27 00:14 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-27 00:14 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-27 00:14 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-27 00:14 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-27 00:14 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-27 00:14 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 07:08 . 2009-03-21 21:43 -------- d-----w- c:\documents and settings\Creso\Application Data\.purple
2009-07-24 06:52 . 2009-03-22 06:25 -------- d-----w- c:\documents and settings\Creso\Application Data\uTorrent
2009-07-23 02:57 . 2009-03-28 01:50 -------- d-----w- c:\program files\SpeedFan
2009-07-17 21:53 . 2009-03-21 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 23:48 . 2009-06-15 20:45 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-10 23:48 . 2009-06-15 20:45 189640 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-10 23:46 . 2009-06-15 20:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-10 22:53 . 2009-03-21 16:44 -------- d-----w- c:\program files\NewsLeecher
2009-07-09 00:24 . 2009-03-21 16:39 13104 ----a-w- c:\documents and settings\Creso\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 23:06 . 2009-03-22 22:42 -------- d-----w- c:\documents and settings\Creso\Application Data\Apple Computer
2009-06-29 17:50 . 2009-03-21 06:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-29 02:07 . 2009-03-22 22:40 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 20:47 . 2009-06-25 20:46 -------- d-----w- c:\documents and settings\Creso\Application Data\Winamp
2009-06-25 20:47 . 2009-06-25 20:46 -------- d-----w- c:\program files\Winamp
2009-06-23 17:59 . 2009-06-23 17:59 -------- d-----w- c:\program files\Jacob Hickman
2009-06-22 23:28 . 2009-06-22 23:28 -------- d-----w- c:\documents and settings\Creso\Application Data\Publish Providers
2009-06-22 23:28 . 2009-06-22 23:28 -------- d-----w- c:\documents and settings\Creso\Application Data\Sony
2009-06-22 23:26 . 2009-06-22 23:14 -------- d-----w- c:\program files\Sony
2009-06-22 23:21 . 2009-06-22 23:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-22 23:21 . 2009-06-22 23:21 -------- d-----w- c:\program files\eRightSoft
2009-06-22 23:14 . 2009-06-22 23:14 -------- d-----w- c:\program files\Vstplugins
2009-06-22 23:14 . 2009-06-22 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-06-22 23:12 . 2009-06-22 23:12 -------- d-----w- c:\program files\MSBuild
2009-06-22 23:12 . 2009-06-22 23:12 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-22 23:09 . 2009-06-22 23:09 -------- d-----w- c:\program files\Reference Assemblies
2009-06-22 23:08 . 2009-06-22 23:07 52770576 ----a-w- c:\documents and settings\Creso\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-06-22 23:07 . 2009-06-22 23:07 -------- d-----w- c:\documents and settings\Creso\Application Data\Sony Setup
2009-06-22 23:07 . 2009-06-22 22:18 -------- d-----w- c:\program files\Sony Setup
2009-06-18 07:23 . 2009-06-13 07:06 -------- d-----w- c:\documents and settings\Creso\Application Data\gtk-2.0
2009-06-18 03:23 . 2009-06-18 03:23 -------- d-----w- c:\program files\QuickPar
2009-06-18 03:08 . 2009-06-18 03:08 10134 ----a-r- c:\documents and settings\Creso\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-18 03:08 . 2009-06-18 03:08 -------- d-----w- c:\program files\Microsoft WSE
2009-06-16 17:40 . 2009-06-15 21:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-16 14:36 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:59 . 2009-06-15 23:59 -------- d-----w- c:\documents and settings\Creso\Application Data\Costco Photo Viewer US
2009-06-15 21:15 . 2009-03-22 21:57 -------- d-----w- c:\documents and settings\Creso\Application Data\DAEMON Tools Lite
2009-06-15 21:14 . 2009-06-15 21:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-12 17:54 . 2009-03-22 21:57 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 15:42 . 2009-03-22 22:41 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-03-22 22:41 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2004-08-04 00:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2004-08-04 00:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 19:12 . 2009-03-21 16:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 20:15 . 2009-03-21 05:52 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-07-23 22:16 . 2009-07-23 22:16 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06 . 2009-06-22 23:21 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-22 23:21 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-22 23:21 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-03-09 1093952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="d:\games\Steam\Steam.exe" [2009-06-14 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Creso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-23 30192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-02 17530368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\games\\Steam\\steamapps\\bobgreen5s\\darwinia demo\\darwinia.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\games\\BF2\\BF2.exe"=
"d:\\games\\Prototype\\prototypef.exe"=
"d:\\games\\Steam\\steamapps\\bobgreen5s\\counter-strike source\\hl2.exe"=
"d:\\games\\Steam\\steamapps\\bobgreen5s\\garrysmod\\hl2.exe"=
"d:\\games\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\games\\Steam\\steamapps\\bobgreen5s\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/9/2009 4:35 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 3:31 PM 108289]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [3/22/2005 9:36 PM 28672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/21/2009 12:53 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\Creso\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Creso\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/9/2009 9:40 PM 12672]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/23/2009 6:16 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:35]

2009-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1336601894-839522115-1003Core.job
- c:\documents and settings\Creso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 23:36]

2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1336601894-839522115-1003UA.job
- c:\documents and settings\Creso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 23:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Creso\Application Data\Mozilla\Firefox\Profiles\pxfpzkw1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Creso\Application Data\Mozilla\Firefox\Profiles\pxfpzkw1.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Creso\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\documents and settings\Creso\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-07-24 14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 18:40
ComboFix2.txt 2009-07-10 19:15

Pre-Run: 19,474,419,712 bytes free
Post-Run: 19,741,241,344 bytes free

358 --- E O F --- 2009-07-19 07:00

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:37 AM

Posted 26 July 2009 - 05:01 PM

Hi,

Can you tell me what problems you are currently having, if any. Are you still getting browser redirects?

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply along with a new Hijackthis log.

unite.jpg


#11 creso

creso
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:37 PM

Posted 26 July 2009 - 05:10 PM

As of now I'm not getting any browser redirects, I just posted the logs to make sure I was clean.

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:37 AM

Posted 26 July 2009 - 06:52 PM

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.

Next

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend, only install one of these.

Zone Alarm
Comodo. Note: Only install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

unite.jpg
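The hosts-file advice in the post above works because Windows consults the hosts file before it asks DNS, so mapping a known ad or hijacker domain to 127.0.0.1 or 0.0.0.0 stops the browser from ever reaching it. The same file is worth reviewing after an infection, because any entry that names a site you would never block (a search engine, an antivirus update server) means it has been tampered with. Below is an added example in Python; it is not code from the forum post or from the MVPS project. It parses hosts-file syntax and separates ordinary block entries from entries touching hostnames that should not be there. The sample file text, the example.net/example.org domains, the 192.0.2.10 address and the PROTECTED list are all constructed for the illustration.

```python
"""Review a Windows hosts file for block entries and suspicious redirects.

Added example for the hosts-file advice above; not code from the forum post
or from the MVPS project. SAMPLE_HOSTS and PROTECTED are constructed.
"""
import ipaddress
from typing import List, NamedTuple, Tuple

# Addresses that make a hostname unreachable rather than redirecting it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hostnames (and their subdomains) that should never appear in a hosts file
# on a home machine. Constructed list for this example.
PROTECTED = ("google.com", "antivirus-vendor.example")

# Constructed sample hosts file text (not a real MVPS file).
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "0.0.0.0 ads.example.net   # MVPS-style block entry\n"
    "0.0.0.0 tracker.example.org\n"
    "192.0.2.10 www.google.com   # tampering: search site sent to another host\n"
    "127.0.0.1 update.antivirus-vendor.example   # tampering: updates blackholed\n"
    "not-an-address www.example.com   # malformed line, skipped\n"
)


class HostsEntry(NamedTuple):
    address: str
    hostnames: List[str]
    line_no: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file syntax: an address followed by one or more hostnames,
    '#' begins a comment, blank and malformed lines are skipped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address
        entries.append(HostsEntry(parts[0], [h.lower() for h in parts[1:]], line_no))
    return entries


def is_protected(hostname: str, protected=PROTECTED) -> bool:
    """True if hostname equals, or is a subdomain of, a protected name."""
    return any(hostname == p or hostname.endswith("." + p) for p in protected)


def review(entries: List[HostsEntry], protected=PROTECTED
           ) -> Tuple[List[str], List[Tuple[str, str, int]]]:
    """Return (blocked, suspicious). blocked lists hostnames sinkholed the
    MVPS way; suspicious lists (hostname, address, line) for protected names
    that appear at all, since neither blocking nor redirecting them is wanted."""
    blocked: List[str] = []
    suspicious: List[Tuple[str, str, int]] = []
    for entry in entries:
        for host in entry.hostnames:
            if is_protected(host, protected):
                suspicious.append((host, entry.address, entry.line_no))
            elif entry.address in SINKHOLE_ADDRESSES and host != "localhost":
                blocked.append(host)
    return blocked, suspicious


if __name__ == "__main__":
    blocked, suspicious = review(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} block entries: {', '.join(blocked)}")
    for host, addr, line_no in suspicious:
        print(f"line {line_no}: {host} -> {addr}  (should not be in hosts file)")
```

On a real machine the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it and pass the text to parse_hosts. The protected list is the part to tailor: put in the search engines and security vendors you actually rely on, since a legitimate MVPS-style file only ever names ad, tracking and malware domains.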


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:37 AM

Posted 27 July 2009 - 04:57 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg




