IE Yahoo and Google searches being redirected


This topic is locked. 9 replies to this topic

#1 LitlElvis

  • Members
  • 14 posts

Posted 07 August 2009 - 03:47 PM

Moderator "boopme" requested me to post a DDS log in reference to my post in "Am I infected, what do I do?\search results being redirected to Toseeka website"

FYI, the *.scr file extension of the DDS download is also associated with AutoCadLT software; I had to go into "file types" and re-associate the SCR file extension to "screen saver" for the DDS program to run.

DDS.txt report is below, Attach.txt is attached.


Topic referenced is here: http://www.bleepingcomputer.com/forums/t/246561/search-results-redirected-to-toseeka-website/ ~ OB


DDS (Ver_09-07-30.01) - NTFSx86
Run by Brett at 13:35:56.56 on Fri 08/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.447 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brett\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-4 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-4 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-6-4 144704]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-4 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-4 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-4 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-4 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-4 40488]
S0 Winjb47;Winjb47;c:\windows\system32\drivers\winjb47.sys --> c:\windows\system32\drivers\Winjb47.sys [?]
S0 Winxw28;Winxw28;c:\windows\system32\drivers\winxw28.sys --> c:\windows\system32\drivers\Winxw28.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 0279611244178975mcinstcleanup;McAfee Application Installer Cleanup (0279611244178975);c:\docume~1\brett\locals~1\temp\027961~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\brett\locals~1\temp\027961~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 MessengerSharedAccess;Messenger MessengerSharedAccess; srv --> srv [?]
S4 WZCSVCBITS;Wireless Zero Configuration WZCSVCBITS; srv --> srv [?]

=============== Created Last 30 ================

2009-08-05 15:07 --d----- c:\documents and settings\brett\DoctorWeb
2009-08-04 13:27 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-04 13:27 --d----- c:\program files\SUPERAntiSpyware
2009-08-04 13:27 --d----- c:\docume~1\brett\applic~1\SUPERAntiSpyware.com
2009-08-04 13:27 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-03 14:07 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 14:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-03 14:07 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 11:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-02 21:09 -cd----- c:\windows\system32\dllcache\cache
2009-08-02 21:04 219,648 a------- c:\windows\PEV.exe
2009-08-02 19:48 18,643 a------- c:\windows\system32\feco.sys
2009-08-02 19:48 17,964 a------- c:\windows\system32\vijotogi.scr
2009-08-02 19:48 15,971 a------- c:\windows\fulu._sy
2009-08-02 19:48 15,598 a------- c:\windows\tena.lib
2009-08-02 19:48 15,138 a------- c:\program files\common files\ewezomyti.sys
2009-08-02 19:48 13,403 a------- c:\windows\nyqyr.dll
2009-08-02 19:48 13,247 a------- c:\windows\system32\ysewi.db
2009-08-02 19:48 11,628 a------- c:\program files\common files\jonuqyroka.dll
2009-07-28 17:51 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 17:51 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-25 08:17 994,924 a------- C:\100_0250.JPG
2009-07-13 20:50 --d----- C:\Nissan Sport Magazine

==================== Find3M ====================

2009-08-05 19:31 18,429 a------- c:\windows\wininit.tmp
2009-08-03 11:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-02 19:48 15,559 a------- c:\program files\common files\picixydona.lib
2009-08-02 19:48 15,556 a------- c:\program files\common files\ajycuje._sy
2009-08-02 19:48 14,498 a------- c:\program files\common files\agotuzyno._sy
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 13:36:38.34 ===============


Edited by Orange Blossom, 07 August 2009 - 09:00 PM.



#2 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 17 August 2009 - 10:53 AM

Hello, LitlElvis.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 LitlElvis
  • Topic Starter

  • Members
  • 14 posts

Posted 18 August 2009 - 11:41 PM

No problem with a delayed response; thanks for helping. The redirecting problem does still persist...

log.txt file below:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Brett at 2009-08-18 21:37:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 276 GB (92%) free of 300 GB
Total RAM: 1022 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:18 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Brett\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brett.exe

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1095789284-351503178-590498886-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jen')
O4 - HKUS\S-1-5-21-1095789284-351503178-590498886-1006\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Jen')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 4511 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-03 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-03 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-08 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-03 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe [2001-10-11 82026]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVCBITS"=2
"VzFw"=2
"VzCdbSvc"=2
"Vcsw"=3
"VAIOMediaPlatform-Mobile-Gateway"=3
"VAIOMediaPlatform-IntegratedServer-UPnP"=3
"VAIOMediaPlatform-IntegratedServer-HTTP"=3
"VAIOMediaPlatform-IntegratedServer-AppServer"=3
"VAIO Entertainment TV Device Arbitration Service"=3
"SPTISRV"=3
"Sony TVTA Manager"=2
"Sony TV Tuner Manager"=2
"Sony TV Tuner Controller"=2
"SonicStageMonitoring"=2
"Image Converter video recording monitor for VAIO Entertainment"=2
"PACSPTISVR"=2
"ose"=3
"MSCSPTISRV"=2
"MessengerSharedAccess"=2
"Lavasoft Ad-Aware Service"=2
"idsvc"=3
"Bonjour Service"=2
"Apple Mobile Device"=2
"0279611244178975mcinstcleanup"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjb47.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxw28.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjb47.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winxw28.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyDocs"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Westwood\RA2\mph.exe"="C:\Westwood\RA2\mph.exe:*:Disabled:mph"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe"="C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe:*:Enabled:Click to DVD"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:LocalSubNet:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-18 21:37:09 ----D---- C:\rsit
2009-08-04 15:20:34 ----A---- C:\RootRepeal report 08-04-09 (15-20-34).txt
2009-08-04 15:16:03 ----A---- C:\RootRepeal report 08-04-09 (15-16-03).txt
2009-08-04 13:27:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-04 13:27:37 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-04 13:27:37 ----D---- C:\Documents and Settings\Brett\Application Data\SUPERAntiSpyware.com
2009-08-04 13:27:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-03 14:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 11:42:25 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-03 11:42:25 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-03 11:42:25 ----A---- C:\WINDOWS\system32\java.exe
2009-08-02 21:18:39 ----SHD---- C:\RECYCLER
2009-08-02 21:09:59 ----A---- C:\ComboFix.txt
2009-08-02 21:04:45 ----A---- C:\WINDOWS\PEV.exe
2009-08-02 19:48:23 ----A---- C:\WINDOWS\nyqyr.dll
2009-08-02 19:48:23 ----A---- C:\Program Files\Common Files\jonuqyroka.dll

======List of files/folders modified in the last 1 months======

2009-08-18 21:37:15 ----D---- C:\WINDOWS\Prefetch
2009-08-18 21:37:10 ----D---- C:\WINDOWS\Temp
2009-08-18 20:55:20 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-08-18 18:16:06 ----D---- C:\New Folder
2009-08-18 17:29:45 ----D---- C:\WINDOWS\Registration
2009-08-18 17:29:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-18 17:29:17 ----D---- C:\WINDOWS
2009-08-18 10:39:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-14 10:38:55 ----A---- C:\WINDOWS\wininit.ini
2009-08-12 17:35:59 ----HD---- C:\WINDOWS\inf
2009-08-12 17:35:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-10 20:04:51 ----D---- C:\Applications
2009-08-09 17:39:02 ----D---- C:\Nissan Sport Magazine
2009-08-08 14:01:32 ----A---- C:\WINDOWS\wininit.tmp
2009-08-08 07:16:37 ----D---- C:\Program Files\Oberon Media
2009-08-07 13:55:44 ----D---- C:\BDE
2009-08-05 15:09:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-04 15:15:41 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 13:27:44 ----SHD---- C:\WINDOWS\Installer
2009-08-04 13:27:37 ----RD---- C:\Program Files
2009-08-04 13:27:16 ----D---- C:\Program Files\Common Files
2009-08-03 11:42:25 ----D---- C:\WINDOWS\system32
2009-08-03 11:42:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-03 11:41:30 ----D---- C:\Program Files\Java
2009-08-03 11:13:56 ----RASH---- C:\boot.ini
2009-08-03 11:13:56 ----A---- C:\WINDOWS\win.ini
2009-08-03 11:13:56 ----A---- C:\WINDOWS\system.ini
2009-08-02 21:51:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-02 21:50:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-02 21:09:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-02 21:08:43 ----D---- C:\WINDOWS\ERDNT
2009-08-02 21:07:26 ----D---- C:\WINDOWS\AppPatch
2009-08-02 20:55:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-02 20:13:33 ----D---- C:\WINDOWS\Drivers
2009-07-29 05:10:19 ----D---- C:\Program Files\Internet Explorer
2009-07-25 20:03:24 ----RSD---- C:\WINDOWS\Fonts
2009-07-20 09:20:46 ----D---- C:\Pic's
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 06:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-22 1034752]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\system32\DRIVERS\smrt.sys [2004-08-05 788736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-07-18 1019064]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Brett\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-06-17 86140]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-03 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 0279611244178975mcinstcleanup;McAfee Application Installer Cleanup (0279611244178975); C:\DOCUME~1\Brett\LOCALS~1\Temp\027961~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 32768]
S4 MessengerSharedAccess;Messenger MessengerSharedAccess; srv []
S4 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S4 SonicStageMonitoring;SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [2005-03-11 135168]
S4 Sony TV Tuner Controller;Sony TV Tuner Controller; C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe [2003-08-13 118784]
S4 Sony TV Tuner Manager;Sony TV Tuner Manager; C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [2003-08-13 94208]
S4 Sony TVTA Manager;Sony TVTA Manager; C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [2003-08-13 106496]
S4 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S4 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-06-15 73728]
S4 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-06-07 1851392]
S4 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-06-07 57344]
S4 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-06-07 770048]
S4 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-06-07 188416]
S4 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-06-15 270336]
S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-06-15 167936]
S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-06-15 135168]
S4 WZCSVCBITS;Wireless Zero Configuration WZCSVCBITS; srv []

-----------------EOF-----------------

info.txt below:

info.txt logfile of random's system information tool 1.06 2009-08-18 21:37:21

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI Soft Modem-->agrsmdel
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD LT 2002-->MsiExec.exe /I{5783F2D7-0109-0409-0000-0060B0CE6BBA}
Boggle (remove only)-->"C:\Program Files\AOL Games\Boggle\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.4.10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
CONNECT-->"C:\Program Files\Sony\CONNECT\unwise.exe" /A "C:\Program Files\Sony\CONNECT\install.log" Uninstall CONNECT
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29999594-B540-4C88-A8D3-C99CA43809FC}\Setup.exe" /UNINSTALL
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 98-->"C:\Program Files\Microsoft FrontPage\bin\fpuninst.exe" C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Microsoft FrontPage\DeIsL2.isu"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OpenMG Metadata Extractor for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B953606-000E-491C-B74D-78ECFDD520A0}\setup.exe" -l0x9
OpenMG Secure Module 4.2.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
Paint.NET v3.22-->MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Roxio DigitalMedia Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio DigitalMedia Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio DigitalMedia Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony TV Tuner Library 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}\setup.exe" -l0x9 UNINSTALL
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Home & Business 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VAIO Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Light Flo Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Long Battery Life Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}\setup.exe" -l0x9
VAIO Media 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Scene SD Normal Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71249EFF-EFAB-48A0-B967-630F4E70BBC3}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82081533-F045-469E-BD53-F16839E445C3}\setup.exe" -l0x9 -removeonly
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See KB886612 for more information]-->C:\WINDOWS\$NtUninstallKB886612$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895198-->C:\WINDOWS\$NtUninstallKB895198$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe, [2009-06-02]
F2 - REG:system.ini: UserInit=userinit.exe [2009-06-02]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe, [2009-06-02]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-06-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-06-06]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 [2009-06-06]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esupport.sony.com/perl/swu-download...=YES&VU=YES [2009-06-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-06-06]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-06-06]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! [2009-06-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-06-06]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe, [2009-06-06]
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-06]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-06]
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe [2009-06-06]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-06]
O23 - Service: Wireless Zero Configuration WZCSVCBITS (WZCSVCBITS) - Unknown owner - .exe (file missing) [2009-06-06]
O23 - Service: Wireless Zero Configuration WZCSVCBITS (WZCSVCBITS) - Unknown owner - .exe (file missing) [2009-06-06]
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing) [2009-06-06]
O4 - HKLM\..\Run: [advap32] "C:\DOCUME~1\Brett\LOCALS~1\Temp\loader.exe" /r [2009-06-06]
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [2009-06-06]
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html [2009-06-07]
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html [2009-06-07]
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm [2009-06-07]
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople [2009-06-07]
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html [2009-06-07]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 [2009-06-07]
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html [2009-06-07]
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html [2009-06-07]
O23 - Service: McAfee Application Installer Cleanup (0279611244178975) (0279611244178975mcinstcleanup) - Unknown owner - C:\DOCUME~1\Brett\LOCALS~1\Temp\027961~1.EXE (file missing) [2009-06-11]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab [2009-07-02]
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide [2009-08-02]
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab [2009-08-02]
O23 - Service: McAfee Application Installer Cleanup (0279611244178975) (0279611244178975mcinstcleanup) - Unknown owner - C:\DOCUME~1\Brett\LOCALS~1\Temp\027961~1.EXE (file missing) [2009-08-02]
O20 - AppInit_DLLs: cru629.dat [2009-08-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-08-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-08-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-08-02]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: BDE1
Event Code: 7
Message: The device, \Device\CdRom1, has a bad block.

Record Number: 21069
Source Name: Cdrom
Time Written: 20090627080533.000000-420
Event Type: error
User:

Computer Name: BDE1
Event Code: 7
Message: The device, \Device\CdRom1, has a bad block.

Record Number: 21068
Source Name: Cdrom
Time Written: 20090627080525.000000-420
Event Type: error
User:

Computer Name: BDE1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 21066
Source Name: W32Time
Time Written: 20090627031205.000000-420
Event Type: warning
User:

Computer Name: BDE1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 21024
Source Name: W32Time
Time Written: 20090626073605.000000-420
Event Type: warning
User:

Computer Name: BDE1
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 21016
Source Name: DCOM
Time Written: 20090625185042.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: BDE1
Event Code: 19011
Message:
Record Number: 24
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090528173407.000000-420
Event Type: warning
User:

Computer Name: BDE1
Event Code: 19011
Message:
Record Number: 16
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090528071054.000000-420
Event Type: warning
User:

Computer Name: BDE1
Event Code: 19011
Message:
Record Number: 9
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090527065507.000000-420
Event Type: warning
User:

Computer Name: BDE1
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 7
Source Name: Application Hang
Time Written: 20090527043146.000000-420
Event Type: error
User:

Computer Name: BDE1
Event Code: 19011
Message:
Record Number: 2
Source Name: MSSQL$VAIO_VEDB
Time Written: 20090526191343.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:08:29 PM

Posted 19 August 2009 - 04:04 AM

Hi!

It appears that Combofix has been run on your system. Please post the results of C:\Combofix.txt. If it is not present, please do NOT run Combofix again.

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 LitlElvis

LitlElvis
  • Topic Starter

  • Members
  • 14 posts
  • Local time:09:29 AM

Posted 20 August 2009 - 11:15 PM

Before I started the troubleshooting with BleepingComputer.com, in a fit of rage I did run Combofix as my "newb" attempt to rid my computer of a rash of problems. After it didn't fix the redirect problem, I knew I needed someone else's help to figure this out. I have not run it again though. Here's the log below:

ComboFix 09-08-01.09 - Brett 08/02/2009 21:05.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.659 [GMT -7:00]
Running from: c:\documents and settings\Brett\Desktop\combofix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk
c:\documents and settings\Jen\Local Settings\Temporary Internet Files\icytefyx.pif
c:\documents and settings\Jen\Local Settings\Temporary Internet Files\jajim.bin
c:\documents and settings\Jen\Local Settings\Temporary Internet Files\uvixima.scr
c:\windows\braviax.exe
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\braviax.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\wisdstr.exe


.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 02:48 . 2009-08-03 02:48 18643 ----a-w- c:\windows\system32\feco.sys
2009-08-03 02:48 . 2009-08-03 02:48 17964 ----a-w- c:\windows\system32\vijotogi.scr
2009-08-03 02:48 . 2009-08-03 02:48 15138 ----a-w- c:\program files\Common Files\ewezomyti.sys
2009-08-03 02:48 . 2009-08-03 02:48 15006 ----a-w- c:\documents and settings\Jen\Local Settings\Application Data\funagokuxu.dll
2009-08-03 02:48 . 2009-08-03 02:48 13897 ----a-w- c:\documents and settings\Jen\Application Data\rojajatexi.bat
2009-08-03 02:48 . 2009-08-03 02:48 13403 ----a-w- c:\windows\nyqyr.dll
2009-08-03 02:48 . 2009-08-03 02:48 11982 ----a-w- c:\documents and settings\Jen\Local Settings\Application Data\levy.com
2009-08-03 02:48 . 2009-08-03 02:48 11628 ----a-w- c:\program files\Common Files\jonuqyroka.dll
2009-08-03 02:48 . 2009-08-03 02:56 -------- d-----w- c:\program files\HomeAntivirus2010
2009-07-29 00:51 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 00:51 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-14 03:50 . 2009-07-24 18:49 -------- d-----w- C:\Nissan Sport Magazine
2009-07-08 02:47 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-07-08 02:47 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-08 02:47 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-08 02:47 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 02:48 . 2009-08-03 02:48 15559 ----a-w- c:\program files\Common Files\picixydona.lib
2009-08-03 02:48 . 2009-08-03 02:48 15556 ----a-w- c:\program files\Common Files\ajycuje._sy
2009-08-03 02:48 . 2009-08-03 02:48 14498 ----a-w- c:\program files\Common Files\agotuzyno._sy
2009-08-02 01:33 . 2008-05-16 14:30 18184 ----a-w- c:\windows\wininit.tmp
2009-07-11 22:59 . 2009-06-20 23:00 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-11 22:59 . 2009-06-20 22:59 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-11 22:59 . 2009-06-20 22:59 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-04 23:00 . 2009-06-20 23:00 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-04 23:00 . 2009-06-20 23:00 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-04 23:00 . 2009-06-20 23:00 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-04 23:00 . 2009-06-20 22:59 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-04 23:00 . 2009-06-03 02:52 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-04 22:59 . 2009-06-03 02:51 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-04 22:59 . 2009-06-03 02:51 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-04 22:59 . 2009-06-20 22:59 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-04 22:59 . 2009-06-20 22:59 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-04 22:59 . 2009-06-20 22:59 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-04 22:59 . 2009-06-20 22:59 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-04 22:59 . 2009-06-20 22:59 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-04 22:59 . 2009-06-20 22:59 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-07-04 22:59 . 2009-06-20 22:59 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-03 17:09 . 2005-08-18 20:20 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 18:24 . 2008-09-28 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 17:22 . 2009-06-21 17:22 -------- d-----w- c:\program files\Oberon Media
2009-06-16 14:36 . 2005-08-18 20:20 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-18 20:20 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 02:26 . 2008-09-12 00:39 -------- d-----w- c:\program files\szjbbff
2009-06-12 02:07 . 2009-06-12 02:07 -------- d-----w- c:\documents and settings\Brett\Application Data\Malwarebytes
2009-05-07 15:32 . 2005-08-18 20:20 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 17:26 . 2009-05-06 17:26 1915520 ----a-w- c:\documents and settings\Jen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.

------- Sigcheck -------

[-] 2004-08-10 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 3959E18A00FECECFB7A8E1D4AE0F93E7 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 3959E18A00FECECFB7A8E1D4AE0F93E7 c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 3959E18A00FECECFB7A8E1D4AE0F93E7 c:\windows\system32\dllcache\ws2_32.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-10 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-06_15.05.27 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-04 520024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjb47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxw28.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVCBITS"=2 (0x2)
"VzFw"=2 (0x2)
"VzCdbSvc"=2 (0x2)
"Vcsw"=3 (0x3)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"SPTISRV"=3 (0x3)
"Sony TVTA Manager"=2 (0x2)
"Sony TV Tuner Manager"=2 (0x2)
"Sony TV Tuner Controller"=2 (0x2)
"SonicStageMonitoring"=2 (0x2)
"Image Converter video recording monitor for VAIO Entertainment"=2 (0x2)
"PACSPTISVR"=2 (0x2)
"ose"=3 (0x3)
"MSCSPTISRV"=2 (0x2)
"MessengerSharedAccess"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Westwood\\RA2\\mph.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/2/2009 3:59 PM 64160]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S0 Winjb47;Winjb47;c:\windows\system32\Drivers\Winjb47.sys --> c:\windows\system32\Drivers\Winjb47.sys [?]
S0 Winxw28;Winxw28;c:\windows\system32\Drivers\Winxw28.sys --> c:\windows\system32\Drivers\Winxw28.sys [?]
S2 0279611244178975mcinstcleanup;McAfee Application Installer Cleanup (0279611244178975);c:\docume~1\Brett\LOCALS~1\Temp\027961~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Brett\LOCALS~1\Temp\027961~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S4 MessengerSharedAccess;Messenger MessengerSharedAccess; srv --> srv [?]
S4 WZCSVCBITS;Wireless Zero Configuration WZCSVCBITS; srv --> srv [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:59]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-05 20:32]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-05 20:32]

2009-08-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-07-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 21:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerSharedAccess]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCBITS]
"ImagePath"=" srv"
.
Completion time: 2009-08-03 21:09
ComboFix-quarantined-files.txt 2009-08-03 04:09
ComboFix2.txt 2009-06-06 15:06

Pre-Run: 288,545,296,384 bytes free
Post-Run: 288,554,139,648 bytes free

469 --- E O F --- 2009-07-29 12:10
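The log above ends with ComboFix's "Reg Loading Points" and service list, which is where a responder looks first. As an added example (not part of the original thread, and not ComboFix's own code), here is a small Python triage script that runs over lines copied from that log and flags the entries worth checking: drivers and services whose image ComboFix marked `[?]`, a service whose ImagePath is not a file path at all (`" srv"`), and Security Center / firewall values set so the OS stops warning about missing protection. Reading `[?]` as "file could not be found or sized" is my assumption about ComboFix's output format, and the severity labels are mine; a third-party suite such as McAfee legitimately sets some of the Security Center overrides, so those are prompts to verify rather than proof of infection. The script narrows where to look; it does not by itself identify which entry is the infection.

```python
import re

# Constructed sample input: lines copied from the ComboFix log posted in this
# thread, plus two ordinary entries (Lbd, Lavasoft) that should NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/2/2009 3:59 PM 64160]
S0 Winjb47;Winjb47;c:\windows\system32\Drivers\Winjb47.sys --> c:\windows\system32\Drivers\Winjb47.sys [?]
S0 Winxw28;Winxw28;c:\windows\system32\Drivers\Winxw28.sys --> c:\windows\system32\Drivers\Winxw28.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S4 WZCSVCBITS;Wireless Zero Configuration WZCSVCBITS; srv --> srv [?]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCBITS]
"ImagePath"=" srv"
"""

# Service lines look like "R0 name;display;image [stamp]" or, when ComboFix
# could not resolve the image, "S4 name;display;image --> image [?]".
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Security Center values that, when non-zero, silence the OS's own warnings
# about AV / firewall / updates. Real AV suites set some of these as well.
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "FirewallOverride",
                         "UpdatesDisableNotify", "DisableMonitoring"}


def dword_is_set(raw):
    """True for non-zero values rendered as 'dword:00000001' or '1 (0x1)'."""
    m = re.search(r'dword:([0-9a-fA-F]{8})|^\s*(\d+)', raw)
    if not m:
        return False
    if m.group(1) is not None:
        return int(m.group(1), 16) != 0
    return int(m.group(2)) != 0


def triage(log_text):
    """Return (severity, subject, reason) findings from a ComboFix loading-points
    section. Severity labels are the example's own, not ComboFix's."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, image = m.groups()
            # Assumption: a trailing [?] means ComboFix could not find/size the file.
            if image.endswith("[?]"):
                image_path = image.split("-->")[0].strip()
                if "\\" not in image_path:
                    findings.append(("high", name,
                                     f"service has no real image path ({image_path!r})"))
                elif state == "S" and start == "0":
                    findings.append(("high", name,
                                     "boot-start driver ComboFix could not find: " + image_path))
                else:
                    findings.append(("medium", name, "image not found on disk: " + image_path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if name in SECURITY_CENTER_FLAGS and "security center" in current_key and dword_is_set(raw):
            findings.append(("medium", f"{current_key}\\{name}",
                             "Security Center warning suppressed (verify it is your AV suite)"))
        elif name == "EnableFirewall" and "firewallpolicy" in current_key and not dword_is_set(raw):
            # Low: a third-party firewall (McAfee here) normally turns this off.
            findings.append(("low", current_key, "Windows Firewall profile disabled"))
        elif name == "ImagePath" and "\\" not in raw.strip('" '):
            findings.append(("high", f"{current_key}\\{name}",
                             "ImagePath is not a file path: " + raw))
    return findings


if __name__ == "__main__":
    for sev, subject, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {subject}: {reason}")
```

Run as-is it prints eight findings: the two boot-start drivers and the WZCSVCBITS service (twice, once from the service list and once from its ImagePath value) as high, the three Security Center overrides as medium, and the disabled Windows Firewall profile as low. The two normal entries (Lbd, Lavasoft) produce nothing.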

#6 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 23 August 2009 - 01:05 PM

Hello, LitlElvis.
Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably others') safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do.

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 LitlElvis

  • Topic Starter
  • Members
  • 14 posts

Posted 23 August 2009 - 01:42 PM

I would like to first attempt to clean the computer. I may consider reformatting, if I can back up my files... do you know of a way to create a partition in XP so I can simply dump my files in a partitioned drive, and reformat without having to hassle with backing up the files on CD/DVD?

#8 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 24 August 2009 - 11:47 AM

Hello, LitlElvis.
It would be a good idea to consider formatting. Any type of sensitive information present could have been stolen.

As for backing up your data:
If you have an external hard drive, it would be better to use that. This is because partitioning programs do have their flaws and can sometimes encounter problems, causing you to lose all your data present. If you'd still like to partition, then make sure you back up your data elsewhere.

Some partition managers are:
1. Partition Magic
2. Paragon Partition Manager




Registry Cleaner Program Warning!

RegCure

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.




We need to check the integrity of system files
  • Click Start > Run
  • Type: sfc /scannow
  • Press Enter
  • You will see a progress bar but you get no confirmation messages and it just ends. Insert your Windows installation CD when/if requested.

NEXT:

Please delete the copy of Combofix that you currently have, because it is outdated.

NEXT:

We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh RSIT



#9 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 27 August 2009 - 01:45 PM

Hello LitlElvis
Are you still with us?



#10 htv8

  • Members
  • 1,694 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 August 2009 - 03:12 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.




