infected with gasfky, UACd.sys, and possibly others


15 replies to this topic

#1 baker_eliz

Posted 23 September 2009 - 01:45 PM

Please help. This is our home business computer and it's been down for two days now. We've had almost 40 views and no replies so far.

RAN MALWAREBYTES--WILL NOT REBOOT; HANGS ON CHKDISK--MALWARE PROBLEM STILL EXISTS

Hello. I found your site online and am hoping you can help us. We have been struggling with this for a day or two now.

We tried running Malwarebytes Anti-Malware several times to clear up our system, but every time the system rebooted, ChkDisk crashed in Level 2.
So we booted up in safe mode and restored the last known working configuration, which, of course, still had the virus.

We thought about running Avast VRDB, but we didn't know if that would help or make things worse at this point.

Below and attached are our logs. Please note that when running RootRepeal, we got the "Try adjusting Disc Access Level in Options dialog" message; when we clicked several times to close the message box, the program ran. So maybe the results are suspect? We don't know.



DDS (Ver_09-07-30.01) - NTFSx86
Run by J at 10:32:16.29 on Wed 09/23/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2524 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\J\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
mDefault_Page_URL = hxxp://www.defaulthomepage.info
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [PUStarter] c:\program files\common files\hewlett-packard\hp printer utility dcs\appinterfaces\HPPUDS.exe
mRun: [RunPUTasktray] "c:\program files\hewlett-packard\hp printer utility\hppu.exe" --regkeypath=software\hewlett-packard\hp printer utility\HPPURun --valuename=InstallTTM
mRun: [KnexStarter] c:\program files\common files\hewlett-packard\hp device communication services\appinterfaces\HPDeviceService.exe
mRun: [RunTasktray] "c:\program files\hewlett-packard\hp easy printer care\hpprun.exe" --regkeypath=software\hewlett-packard\hp easy printer care\HPPRun --valuename=InstallTTM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: hp.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} - hxxp://192.168.1.117/hp/device/webAccess/multipleFileUpload.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\common files\hewlett-packard\hp printer utility dcs\app\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [2000-4-19 6995]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-14 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-14 352920]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2007-11-7 44344]
S4 Spooadmhd;Spooadmhd; [x]

=============== Created Last 30 ================

2009-09-23 07:58 54,016 a------- c:\windows\system32\drivers\rslxx.sys
2009-09-22 13:08 <DIR> --ds---- C:\ComboFix
2009-09-22 13:08 389,120 a------- c:\windows\system32\CF29339.exe
2009-09-22 07:52 54,016 a------- c:\windows\system32\drivers\udox.sys
2009-09-21 22:35 54,016 a------- c:\windows\system32\drivers\jsks.sys
2009-09-21 22:06 54,016 a------- c:\windows\system32\drivers\xmlykya.sys
2009-09-21 18:12 <DIR> --d----- c:\docume~1\j\applic~1\Malwarebytes
2009-09-21 18:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-21 14:31 54,784 a------- c:\windows\system32\drivers\UACxlejvmrvta.sys
2009-09-21 14:31 <DIR> --d----- C:\spoolerlogs
2009-09-09 13:49 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-08-30 22:05 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-08-29 16:16 <DIR> --d----- c:\program files\common files\DivX Shared
2009-08-25 12:40 <DIR> --d----- c:\program files\Hp
2009-08-25 12:39 <DIR> --d----- c:\docume~1\j\applic~1\HpUpdate
2009-08-25 12:39 <DIR> --d----- c:\windows\Hewlett-Packard
2009-08-24 16:29 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-18 09:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 09:50 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-06-26 09:50 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-06-26 09:50 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-26 09:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-01-25 11:56 61,320 a------- c:\docume~1\j\applic~1\GDIPFONTCACHEV1.DAT
2008-06-27 10:27 61,224 a------- c:\documents and settings\j\GoToAssistDownloadHelper.exe
2007-12-26 18:30 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-10-13 12:00 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT

============= FINISH: 10:33:27.23 ===============


Edited by baker_eliz, 23 September 2009 - 06:16 PM.



#2 Grinler


    Lawrence Abrams



Posted 24 September 2009 - 10:47 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#3 baker_eliz


Posted 25 September 2009 - 02:36 PM

Grinler, thanks for helping us. We have to drive to Joshua's mother's house in the country outside Petaluma, CA (an hour away from us; we're in Berkeley) because a water pipe burst last night and she has no water. So we will be unavailable until later tonight or tomorrow.

We tried to run ComboFix, as requested. When going through the stages, the following error message kept popping up:

C:\windows\system32\drivers\UACxlejvmrvta.sys is corrupt and unreadable. Please run Chkdsk utility.

We would click OK and ComboFix would run until the message popped up again.

Then the following blue screen appeared:

A problem has been detected and windows has been shut down to prevent damage to your computer.
KERNEL_DATA_INPAGE_ERROR
If this is the first time you have seen this error message, restart your computer.
.....clip....
TECHNICAL INFORMATION:

Stop: 0X0000007A (0XE2222AB8, 0XC000026E, 0XBF94EC2B, 0X75F64860)
Win32K.sys address BF94EC2B base at BF800000, date stamp 49E87572

We restarted the computer. Chkdsk started.

Checking file system on C:
The type of the file system is NTFS.
The volume is dirty.

Chkdsk is verifying files (stage 1 of 3)
File verification completed.
Chkdsk is verifying indexes (stage 2 of 3)
Deleting index entry UACxlejbmrvtz.sys in Index $I30 of file 2734.
Deleting index entry UACXLE~1.sys in Index $I30 of file 2734.
Index verification completed.
Chkdsk is recovering lost files.
Recovering orphan file UACD.sys (4488) into directory file 2734.
Chkdsk is verifying security descriptors (stage 3 of 3)
100 Percent completed.

... snip ...
Windows has finished checking ....snip ...

Windows rebooted.

We reran ComboFix, successfully, this time. FINALLY! The log is below.

Thanks so much for your help. We look forward to hearing your analysis.

Joshua and e

**********************************************


ComboFix 09-09-22.03 - J 09/25/2009 12:21.2.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2504 [GMT -7:00]
Running from: c:\documents and settings\J\Desktop\ComboFix--renamed.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACd.sys
c:\windows\system32\drivers\UACxlejvmrvta.sys
.
---- Previous Run -------
.
c:\documents and settings\J\My Documents\ZbThumbnail.info
c:\windows\Installer\51f69e3.msp
c:\windows\Installer\51f69e4.msp
c:\windows\Installer\51f69e5.msp
c:\windows\Installer\520d18c.msp
c:\windows\Installer\520d18d.msp
c:\windows\Installer\520d18e.msp
c:\windows\Installer\520d18f.msp
c:\windows\Installer\520d190.msp
c:\windows\Installer\520d191.msp
c:\windows\Installer\520d192.msp
c:\windows\Installer\520d193.msp
c:\windows\Installer\520d194.msp
c:\windows\Installer\59e6214.msp
c:\windows\Installer\59e6215.msp
c:\windows\Installer\59e6216.msp
c:\windows\Installer\59e6217.msp
c:\windows\Installer\59e6218.msp
c:\windows\Installer\59e6219.msp
c:\windows\Installer\59e621a.msp
c:\windows\Installer\59e621b.msp
c:\windows\Installer\59e621c.msp
c:\windows\Installer\5dbfe99.msp
c:\windows\Installer\5dbfe9a.msp
c:\windows\Installer\5dbfe9b.msp
c:\windows\Installer\5dbfe9c.msp
c:\windows\Installer\5dbfe9d.msp
c:\windows\Installer\5dbfe9e.msp
c:\windows\Installer\5dbfe9f.msp
c:\windows\Installer\5dbfea0.msp
c:\windows\Installer\5dbfea1.msp
c:\windows\Installer\62edd81.msp
c:\windows\Installer\62edd82.msp
c:\windows\Installer\62edd83.msp
c:\windows\Installer\62edd84.msp
c:\windows\Installer\62edd85.msp
c:\windows\Installer\62edd86.msp
c:\windows\Installer\62edd87.msp
c:\windows\Installer\62edd88.msp
c:\windows\Installer\62edd89.msp
c:\windows\Installer\64239ae.msp
c:\windows\Installer\64239af.msp
c:\windows\Installer\64239b0.msp
c:\windows\Installer\64239b1.msp
c:\windows\Installer\64239b2.msp
c:\windows\Installer\64239b3.msp
c:\windows\Installer\64239b4.msp
c:\windows\Installer\64239b5.msp
c:\windows\Installer\64239b6.msp
c:\windows\Installer\781585.msp
c:\windows\Installer\781586.msp
c:\windows\Installer\781587.msp
c:\windows\Installer\781588.msp
c:\windows\Installer\781589.msp
c:\windows\Installer\78158a.msp
c:\windows\Installer\78158b.msp
c:\windows\Installer\78158c.msp
c:\windows\Installer\78158d.msp
c:\windows\Installer\7e8d5ca.msp
c:\windows\Installer\7e8d5cb.msp
c:\windows\Installer\7e8d5cc.msp
c:\windows\Installer\7e8d5cd.msp
c:\windows\Installer\7e8d5ce.msp
c:\windows\Installer\7e8d5cf.msp
c:\windows\Installer\7e8d5d0.msp
c:\windows\Installer\7e8d5d1.msp
c:\windows\Installer\7e8d5d2.msp
c:\windows\Installer\7ef31d8.msp
c:\windows\Installer\7ef31d9.msp
c:\windows\Installer\7ef31da.msp
c:\windows\Installer\7ef31db.msp
c:\windows\Installer\7ef31dc.msp
c:\windows\Installer\7ef31dd.msp
c:\windows\Installer\7ef31de.msp
c:\windows\Installer\7ef31df.msp
c:\windows\Installer\7ef31e0.msp
c:\windows\Installer\8e4d53.msp
c:\windows\Installer\8e4d54.msp
c:\windows\Installer\8e4d55.msp
c:\windows\Installer\8e4d56.msp
c:\windows\Installer\8e4d57.msp
c:\windows\Installer\8e4d58.msp
c:\windows\Installer\8e4d59.msp
c:\windows\Installer\8e4d5a.msp
c:\windows\Installer\8e4d5b.msp
c:\windows\Installer\8fe4fc9.msp
c:\windows\Installer\8fe4fca.msp
c:\windows\Installer\8fe4fcb.msp
c:\windows\Installer\8fe4fcc.msp
c:\windows\Installer\8fe4fcd.msp
c:\windows\Installer\8fe4fce.msp
c:\windows\Installer\8fe4fcf.msp
c:\windows\Installer\8fe4fd0.msp
c:\windows\Installer\8fe4fd1.msp
c:\windows\Installer\9cf660.msp
c:\windows\Installer\9cf661.msp
c:\windows\Installer\9cf662.msp
c:\windows\Installer\9cf663.msp
c:\windows\Installer\9cf664.msp
c:\windows\Installer\9cf665.msp
c:\windows\Installer\9cf666.msp
c:\windows\Installer\9cf667.msp
c:\windows\Installer\9cf668.msp
c:\windows\Installer\a4453cc.msp
c:\windows\Installer\a4453cd.msp
c:\windows\Installer\a4453ce.msp
c:\windows\Installer\a4453cf.msp
c:\windows\Installer\a4453d0.msp
c:\windows\Installer\a4453d1.msp
c:\windows\Installer\a4453d2.msp
c:\windows\Installer\a4453d3.msp
c:\windows\Installer\a4453d4.msp
c:\windows\Installer\ac4cde2.msp
c:\windows\Installer\ac4cde3.msp
c:\windows\Installer\ac4cde4.msp
c:\windows\Installer\ac4cde5.msp
c:\windows\Installer\ac4cde6.msp
c:\windows\Installer\ac4cde7.msp
c:\windows\Installer\ac4cde8.msp
c:\windows\Installer\ac4cde9.msp
c:\windows\Installer\ac4cdea.msp
c:\windows\Installer\af9c9b.msp
c:\windows\Installer\af9c9c.msp
c:\windows\Installer\af9c9d.msp
c:\windows\Installer\af9c9e.msp
c:\windows\Installer\af9c9f.msp
c:\windows\Installer\af9ca0.msp
c:\windows\Installer\af9ca1.msp
c:\windows\Installer\af9ca2.msp
c:\windows\Installer\af9ca3.msp
c:\windows\Installer\de87c22.msp
c:\windows\Installer\de87c23.msp
c:\windows\Installer\de87c24.msp
c:\windows\Installer\de87c25.msp
c:\windows\Installer\de87c26.msp
c:\windows\Installer\de87c27.msp
c:\windows\Installer\de87c28.msp
c:\windows\Installer\de87c29.msp
c:\windows\Installer\de87c2a.msp
c:\windows\Installer\f2e094.msp
c:\windows\Installer\f2e095.msp
c:\windows\Installer\f2e096.msp
c:\windows\Installer\f2e097.msp
c:\windows\Installer\f2e098.msp
c:\windows\Installer\f2e099.msp
c:\windows\Installer\f2e09a.msp
c:\windows\Installer\f2e09b.msp
c:\windows\Installer\f2e09c.msp
c:\windows\system32\drivers\gasfkyqmoygowb.sys
c:\windows\system32\gasfkyefwpydjm.dll
c:\windows\system32\gasfkyihxtqdnm.dll
c:\windows\system32\gasfkymydtmdwi.dat
c:\windows\system32\gasfkyoyjyakck.dll
c:\windows\system32\gasfkytpaiyoyx.dat
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gasfkyejklvmlr
-------\Legacy_gasfkyejklvmlr


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\documents and settings\J\Application Data\IObit
2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\program files\IObit
2009-09-23 21:22 . 2009-09-23 21:22 54016 ----a-w- c:\windows\system32\drivers\ncbua.sys
2009-09-23 14:58 . 2009-09-23 14:58 54016 ----a-w- c:\windows\system32\drivers\rslxx.sys
2009-09-22 14:52 . 2009-09-22 14:52 54016 ----a-w- c:\windows\system32\drivers\udox.sys
2009-09-22 05:35 . 2009-09-22 05:35 54016 ----a-w- c:\windows\system32\drivers\jsks.sys
2009-09-22 05:06 . 2009-09-22 05:06 54016 ----a-w- c:\windows\system32\drivers\xmlykya.sys
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\J\Application Data\Malwarebytes
2009-09-22 01:12 . 2009-09-24 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 21:31 . 2009-09-21 21:31 -------- d-----w- C:\spoolerlogs
2009-09-09 20:49 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-31 05:05 . 2009-08-31 05:09 -------- d-----w- c:\program files\7-Zip
2009-08-31 05:05 . 2009-09-22 00:22 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-29 23:16 . 2009-08-29 23:16 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 05:34 . 2008-10-23 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-23 17:48 . 2009-01-20 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 23:17 . 2007-09-16 06:03 -------- d-----w- c:\program files\DivX
2009-08-25 19:40 . 2009-08-25 19:39 -------- d-----w- c:\documents and settings\J\Application Data\HpUpdate
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\Hp
2009-08-25 17:06 . 2007-08-29 00:07 61728 ----a-w- c:\documents and settings\J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\MSBuild
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 02:30 . 2009-08-20 02:25 -------- d-----w- c:\documents and settings\J\Application Data\U3
2009-08-18 22:25 . 2009-01-20 20:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-01-14 17:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-14 17:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-14 17:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-14 17:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-14 17:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-14 17:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-14 17:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-14 17:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-14 17:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-10 17:51 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 17:51 286208 ------w- c:\windows\system32\wmpdxm.dll
2007-11-28 19:12 . 2008-01-04 01:34 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-04 01:34 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-04 01:34 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-04 01:34 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-04 01:34 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"PUStarter"="c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2008-05-21 73728]
"RunPUTasktray"="c:\program files\Hewlett-Packard\HP Printer Utility\HPPU.exe" [2008-05-21 68608]
"KnexStarter"="c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2007-07-03 73728]
"RunTasktray"="c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2009-03-23 101376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-27 17:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP ProfileReminder.lnk]
backup=c:\windows\pss\HP ProfileReminder.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Combustion 2008\\combustion.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [4/19/2000 11:00 PM 6995]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/14/2009 10:42 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2009 10:42 AM 20560]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [11/7/2007 10:24 AM 44344]
S4 Spooadmhd;Spooadmhd; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-29 07:01]

2008-01-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2009-09-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-24 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} - hxxp://192.168.1.117/hp/device/webAccess/multipleFileUpload.cab
FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\shh58j2x.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2264)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
.
**************************************************************************
.
Completion time: 2009-09-25 12:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 19:32

Pre-Run: 170,033,266,688 bytes free
Post-Run: 169,985,449,984 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
850 --- E O F --- 2009-09-11 19:53

#4 baker_eliz


Posted 25 September 2009 - 09:29 PM

Okay, we're back now. Plumbing emergency is taken care of! What a month! First a bad accident (we totalled our car), then this mess with the computer, and now the plumbing emergency. I sure hope that old adage about bad things coming in threes is true because that would mean we're okay for a while. We'll be home through the weekend, so when you get a chance to take another look at our recent posting, we'll be able to respond in a more timely fashion. Thanks so much.
--Joshua and elizabeth

#5 Grinler

    Lawrence Abrams



Posted 26 September 2009 - 08:58 AM

I suggest you uninstall the program:

Free offers from Freeze.com

From the add and remove control panel. More info here:

http://www.siteadvisor.com/sites/freeze.com

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\system32\drivers\ncbua.sys
c:\windows\system32\drivers\rslxx.sys
c:\windows\system32\drivers\udox.sys
c:\windows\system32\drivers\jsks.sys
c:\windows\system32\drivers\xmlykya.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=-

Driver::
Spooadmhd


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

After you do these steps also let me know if the computer is operating correctly now.

#6 baker_eliz


Posted 26 September 2009 - 11:37 AM

Thank you. We did not find freeze.com or Free Offers from Freeze.com in the "program add or remove" window. We did find a folder C:\Program Files\Free Offers from Freeze.com, which had six files in it:
3770
5540
5542
control.txt
games.ico
musicoasis.ico
There is no uninstall in the program files.

We deleted the folder, then searched registry and deleted all files/folders with freeze.com or regfreeze in them. There were a couple of files that looked legitimate (in Photoshop, for instance) that we left.

We moved CFScript into ComboFix and ran it. It ran hardly any time at all and then abruptly ended. After a few seconds, a blue screen with the following message came up:
STOP: c000021A Unknown Hard Error

We rebooted and reran ComboFix with CFScript. The new log is below.

--Joshua and elizabeth

*********************************************

ComboFix 09-09-22.03 - J 09/26/2009 14:21.3.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2579 [GMT -7:00]
Running from: c:\documents and settings\J\Desktop\ComboFix--renamed.exe
Command switches used :: c:\documents and settings\J\Desktop\cfscript.txt
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\drivers\jsks.sys"
"c:\windows\system32\drivers\ncbua.sys"
"c:\windows\system32\drivers\rslxx.sys"
"c:\windows\system32\drivers\udox.sys"
"c:\windows\system32\drivers\xmlykya.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\jsks.sys
c:\windows\system32\drivers\ncbua.sys
c:\windows\system32\drivers\rslxx.sys
c:\windows\system32\drivers\udox.sys
c:\windows\system32\drivers\xmlykya.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Spooadmhd


((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\documents and settings\J\Application Data\IObit
2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\program files\IObit
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\J\Application Data\Malwarebytes
2009-09-22 01:12 . 2009-09-24 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 21:31 . 2009-09-21 21:31 -------- d-----w- C:\spoolerlogs
2009-09-09 20:49 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-31 05:05 . 2009-08-31 05:09 -------- d-----w- c:\program files\7-Zip
2009-08-29 23:16 . 2009-08-29 23:16 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 06:35 . 2008-10-23 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-23 17:48 . 2009-01-20 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 23:17 . 2007-09-16 06:03 -------- d-----w- c:\program files\DivX
2009-08-25 19:40 . 2009-08-25 19:39 -------- d-----w- c:\documents and settings\J\Application Data\HpUpdate
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\Hp
2009-08-25 17:06 . 2007-08-29 00:07 61728 ----a-w- c:\documents and settings\J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\MSBuild
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 02:30 . 2009-08-20 02:25 -------- d-----w- c:\documents and settings\J\Application Data\U3
2009-08-18 22:25 . 2009-01-20 20:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-01-14 17:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-14 17:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-14 17:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-14 17:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-14 17:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-14 17:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-14 17:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-14 17:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-14 17:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-10 17:51 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 17:51 286208 ------w- c:\windows\system32\wmpdxm.dll
2007-11-28 19:12 . 2008-01-04 01:34 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-04 01:34 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-04 01:34 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-04 01:34 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-04 01:34 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-25_19.29.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-26 21:29 . 2009-09-26 21:29 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
- 2009-09-25 19:28 . 2009-09-25 19:28 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"PUStarter"="c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2008-05-21 73728]
"RunPUTasktray"="c:\program files\Hewlett-Packard\HP Printer Utility\HPPU.exe" [2008-05-21 68608]
"KnexStarter"="c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2007-07-03 73728]
"RunTasktray"="c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2009-03-23 101376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-27 17:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP ProfileReminder.lnk]
backup=c:\windows\pss\HP ProfileReminder.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Combustion 2008\\combustion.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [4/19/2000 11:00 PM 6995]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/14/2009 10:42 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2009 10:42 AM 20560]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [11/7/2007 10:24 AM 44344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-29 07:01]

2008-01-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} - hxxp://192.168.1.117/hp/device/webAccess/multipleFileUpload.cab
FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\shh58j2x.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 14:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2480)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
.
**************************************************************************
.
Completion time: 2009-09-26 14:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-26 21:34
ComboFix2.txt 2009-09-25 19:32

Pre-Run: 169,963,925,504 bytes free
Post-Run: 169,780,285,440 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
231 --- E O F --- 2009-09-11 19:53

Edited by baker_eliz, 26 September 2009 - 04:37 PM.


#7 Grinler

Lawrence Abrams, Admin

Posted 28 September 2009 - 09:03 AM

Before you run ComboFix, are you disabling Avast?

Also give it a run again and tell me if you have problems now.

#8 baker_eliz

Posted 28 September 2009 - 10:58 AM

Yes, we did disable Avast. We are happy to run ComboFix again, but how would we know if we have problems now? Do you want us to reconnect to the internet at this time? So far we have not been connected. Been a little afraid to because before Windows Police Pro would reload itself again. Thanks.
--elizabeth

#9 baker_eliz

Posted 28 September 2009 - 12:09 PM

Darn, I'm so rude. I didn't even say hello or good morning in my previous post. Sorry. Let me start again.

Good morning, Grinler (or do you prefer Lawrence?). We reran ComboFix. Log is below.

Sorry to be so pedantic about this process--neither of us is computer illiterate, by far. I can usually take care of things like this myself. This one had me flummoxed, though, and when the computer wouldn't get through ChkDsk, I thought we had better cross all our t's and dot our i's before reconnecting to the internet.

Thanks again,
elizabeth

***********************************************************************

ComboFix 09-09-22.03 - J 09/28/2009 9:10.4.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2603 [GMT -7:00]
Running from: c:\documents and settings\J\Desktop\ComboFix--renamed.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\documents and settings\J\Application Data\IObit
2009-09-24 18:29 . 2009-09-24 18:29 -------- d-----w- c:\program files\IObit
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\J\Application Data\Malwarebytes
2009-09-22 01:12 . 2009-09-24 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 01:12 . 2009-09-22 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 21:31 . 2009-09-21 21:31 -------- d-----w- C:\spoolerlogs
2009-09-09 20:49 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-08-31 05:05 . 2009-08-31 05:09 -------- d-----w- c:\program files\7-Zip
2009-08-29 23:16 . 2009-08-29 23:16 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 08:37 . 2008-10-23 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-23 17:48 . 2009-01-20 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 23:17 . 2007-09-16 06:03 -------- d-----w- c:\program files\DivX
2009-08-25 19:40 . 2009-08-25 19:39 -------- d-----w- c:\documents and settings\J\Application Data\HpUpdate
2009-08-25 19:40 . 2009-08-25 19:40 -------- d-----w- c:\program files\Hp
2009-08-25 17:06 . 2007-08-29 00:07 61728 ----a-w- c:\documents and settings\J\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\MSBuild
2009-08-24 10:03 . 2009-08-24 10:03 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 02:30 . 2009-08-20 02:25 -------- d-----w- c:\documents and settings\J\Application Data\U3
2009-08-18 22:25 . 2009-01-20 20:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 16:10 . 2009-01-14 17:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-14 17:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-14 17:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-14 17:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-14 17:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-14 17:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-14 17:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-14 17:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-14 17:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-10 17:51 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 17:51 286208 ------w- c:\windows\system32\wmpdxm.dll
2007-11-28 19:12 . 2008-01-04 01:34 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-04 01:34 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-04 01:34 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-04 01:34 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-04 01:34 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-25_19.29.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-26 21:29 . 2009-09-26 21:29 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
- 2009-09-25 19:28 . 2009-09-25 19:28 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"PUStarter"="c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2008-05-21 73728]
"RunPUTasktray"="c:\program files\Hewlett-Packard\HP Printer Utility\HPPU.exe" [2008-05-21 68608]
"KnexStarter"="c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2007-07-03 73728]
"RunTasktray"="c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2009-03-23 101376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-27 17:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP ProfileReminder.lnk]
backup=c:\windows\pss\HP ProfileReminder.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Combustion 2008\\combustion.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [4/19/2000 11:00 PM 6995]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/14/2009 10:42 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2009 10:42 AM 20560]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [11/7/2007 10:24 AM 44344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-29 07:01]

2008-01-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} - hxxp://192.168.1.117/hp/device/webAccess/multipleFileUpload.cab
FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\shh58j2x.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 09:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1001461529-3819469422-255535410-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (S-1-5-21-1001461529-3819469422-255535410-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:29,50,55,0a,68,ae,f8,4f,e3,46,18,a0,8d,a3,08,87,3e,da,c3,e8,2d,
a9,b1,03,20,83,98,b3,f5,81,50,1a,2b,63,bd,50,a9,13,63,75,d2,04,56,40,22,ec,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1424)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-28 9:15
ComboFix-quarantined-files.txt 2009-09-28 16:15
ComboFix2.txt 2009-09-26 21:34
ComboFix3.txt 2009-09-25 19:32

Pre-Run: 169,768,337,408 bytes free
Post-Run: 169,727,537,152 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
195 --- E O F --- 2009-09-11 19:53

#10 Grinler

Posted 28 September 2009 - 12:42 PM

Everything looks clean to me. I think it's safe to reconnect to the internet.

Do this to see if there are any leftovers:

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11 baker_eliz

Posted 28 September 2009 - 01:14 PM

Below is the MBAM log. Looks clean as a whistle to me.

************************************************

Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 5.1.2600 Service Pack 3

9/28/2009 11:05:17 AM
mbam-log-2009-09-28 (11-05-17).txt

Scan type: Quick Scan
Objects scanned: 105353
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*********************************
Below is the HijackThis log. Ran really fast!

*************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:13 AM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
O4 - HKLM\..\Run: [RunPUTasktray] "C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.hp.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} (HP Multiple File Upload Control) - http://192.168.1.117/hp/device/webAccess/m...eFileUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
O18 - Protocol: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O18 - Protocol: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O18 - Protocol: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13419 bytes

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:24 PM

Posted 28 September 2009 - 01:33 PM

Looks good to me. I think you're good to go.

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

Windows XP System Restore Guide


Reenable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#13 baker_eliz

baker_eliz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 28 September 2009 - 02:20 PM

Thank you so much. Is there anything we can do to show our appreciation?
Joshua and elizabeth

#14 Grinler

Posted 28 September 2009 - 08:23 PM

Nope .. we are all good :(

#15 baker_eliz

Posted 28 September 2009 - 08:26 PM

Are you sure we can't send you a bottle of wine? It's the least we can do.
--elizabeth



