Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan.vundo.h with adware/popups attached to it


  • This topic is locked This topic is locked
15 replies to this topic

#1 TheBMT

TheBMT

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 01 November 2009 - 12:28 PM

The past few days I have been trying to figure this out. The computer we have is a business/personal computer and we already took it in last month. Im not sure where the trojan.vundo.h came from, but it brought a bunch of other stuff with it. I have only experienced it on firefox, I run script blocker and manually allow scripts. I dont know if the internet explorer does it too. I have run Malwarebytes several times only to get the "fix" and restart only to find all the stuff still there. Same goes with Spyware Doctor. Only on Full scans does the stuff pop up, quick and intelliscans only show "adware.tracking." stuff.

Here is a DDS scan:---The attach.txt is attached


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 10:37:51.21 on Sun 11/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.787 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.7\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [zokepegop] Rundll32.exe "c:\windows\system32\turazuru.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144931741057
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244998206984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
AppInit_DLLs: leduwupe.dll c:\windows\system32\turazuru.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ziposenil - {b224375a-b2e0-4a6f-a0dd-bd40c2eefb75} - c:\windows\system32\turazuru.dll
STS: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
STS: gahurihor: {b224375a-b2e0-4a6f-a0dd-bd40c2eefb75} - c:\windows\system32\turazuru.dll
LSA: Notification Packages = scecli loganoye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6w9m844c.default\
FF - HiddenExtension: XUL Cache: {B8504D14-4127-45E3-B162-72FE9EF16EEB} - c:\documents and settings\owner\local settings\application data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-27 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-27 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-27 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-27 229304]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-27 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-27 358600]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-14 102448]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-27 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-27 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S1 SASDIFSV;SASDIFSV;\??\g:\spyware removal\superantispyware\sasdifsv.sys --> g:\spyware removal\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 CTSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctsfsyn.sys [2006-4-12 155904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-26 38160]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2006-4-13 155264]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;\??\g:\spyware removal\superantispyware\sasenum.sys --> g:\spyware removal\superantispyware\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-11-01 15:14:55 0 d-----w- c:\program files\Trend Micro
2009-10-28 08:38:38 1 --sh--w- c:\windows\system32\fapiruda.dll
2009-10-28 08:38:38 1 --sh--w- c:\windows\system32\bimewefi.dll
2009-10-28 08:38:31 1 --sh--w- c:\windows\system32\milifuse.dll
2009-10-28 04:06:22 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-28 04:06:22 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-28 04:06:22 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-28 03:44:21 883 ----a-w- c:\windows\RegSDImport.xml
2009-10-28 03:44:21 880 ----a-w- c:\windows\RegISSImport.xml
2009-10-28 03:44:21 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-28 03:44:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-28 03:44:21 131 ----a-w- c:\windows\IDB.zip
2009-10-28 03:44:20 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-28 03:44:20 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-28 03:44:20 1152470 ----a-w- c:\windows\UDB.zip
2009-10-28 03:38:00 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-28 03:38:00 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 03:37:46 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-28 03:37:46 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-28 03:37:46 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-28 03:37:46 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-28 03:37:34 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-28 03:37:34 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-28 03:37:20 0 d-----w- c:\program files\Spyware Doctor
2009-10-28 03:37:20 0 d-----w- c:\program files\common files\PC Tools
2009-10-28 03:37:20 0 d-----w- c:\docume~1\owner\applic~1\PC Tools
2009-10-28 03:37:20 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-27 02:15:09 0 ----a-w- c:\documents and settings\owner\
2009-10-22 19:35:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Kodak

==================== Find3M ====================

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 13:09:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 18:13:57 16078 ----a-w- c:\windows\exaditem.dll
2009-08-25 16:11:57 15982 ----a-w- c:\windows\onovefog.dll
2009-08-25 14:10:15 15934 ----a-w- c:\windows\oxajahiga.dll
2009-08-25 12:09:32 20878 ----a-w- c:\windows\abegajim.dll
2009-08-25 11:15:03 16030 ----a-w- c:\windows\ecegoyineba.dll
2009-08-25 09:13:12 15982 ----a-w- c:\windows\efebogise.dll
2009-08-25 07:11:11 15982 ----a-w- c:\windows\arusuyan.dll
2009-08-25 05:10:36 22785 ----a-w- c:\windows\ozitages.dll
2009-08-25 04:52:17 24906 ----a-w- c:\windows\ugifepov.dll
2009-08-25 03:20:18 15934 ----a-w- c:\windows\ixetoyeful.dll
2009-08-25 01:18:17 20731 ----a-w- c:\windows\oyijazijulucasi.dll
2009-08-24 23:16:23 15934 ----a-w- c:\windows\emayejuhediq.dll
2009-08-24 21:14:18 15982 ----a-w- c:\windows\iluledunumulo.dll
2009-08-24 19:12:18 16030 ----a-w- c:\windows\uganeputehobek.dll
2009-08-24 17:10:18 16030 ----a-w- c:\windows\ukebiqobacag.dll
2009-08-24 15:08:18 15982 ----a-w- c:\windows\ojusohomat.dll
2009-08-24 13:07:59 15886 ----a-w- c:\windows\ihocehez.dll
2009-08-24 12:23:30 20763 ----a-w- c:\windows\uxizuyoc.dll
2009-08-24 10:21:04 22810 ----a-w- c:\windows\utebeyey.dll
2009-08-24 08:17:24 21030 ----a-w- c:\windows\utamelum.dll
2009-08-24 06:15:48 15982 ----a-w- c:\windows\icinazob.dll
2009-08-24 04:15:11 15982 ----a-w- c:\windows\ovebesitef.dll
2009-08-23 03:27:33 46 ----a-w- C:\p2hhr.bat
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 15:11:44 41560 ----a-w- c:\windows\fonts\Starcraft Normal.ttf
2009-08-06 15:11:23 79112 ----a-w- c:\windows\fonts\celticmd.ttf
2009-08-06 15:09:18 26092 ----a-w- c:\windows\fonts\CELTG___.TTF
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 11:02:13 38400 --sha-w- c:\windows\system32\dakiloni.dll
2009-07-30 23:03:14 60928 --sha-w- c:\windows\system32\getumise.dll
2009-07-26 20:18:29 37888 --sha-w- c:\windows\system32\heyehita.dll
2009-07-27 08:18:56 38912 --sha-w- c:\windows\system32\hifutizi.dll
2009-07-31 23:03:30 89088 --sha-w- c:\windows\system32\jaweviyi.dll
2009-07-27 20:19:25 38400 --sha-w- c:\windows\system32\jetebusu.dll
2009-07-28 11:01:32 38912 --sha-w- c:\windows\system32\jijisipu.dll
2009-07-26 08:18:09 37888 --sha-w- c:\windows\system32\karudufo.dll
2009-08-01 11:03:52 37888 --sha-w- c:\windows\system32\kubiwipi.dll
2009-07-26 20:19:01 51200 --sha-w- c:\windows\system32\leduwupe.dll
2009-07-28 08:38:11 1 --sha-w- c:\windows\system32\meyopoli.dll
2009-07-30 23:03:14 38912 --sha-w- c:\windows\system32\nakizoro.dll
2009-07-26 20:18:29 51200 --sha-w- c:\windows\system32\navavaze.dll
2009-07-28 08:38:14 1 --sha-w- c:\windows\system32\paviviwa.dll
2009-07-30 11:02:43 37888 --sha-w- c:\windows\system32\rehiyiho.dll
2009-07-28 08:38:11 1 --sha-w- c:\windows\system32\relugane.dll
2009-07-26 08:18:09 51712 --sha-w- c:\windows\system32\rinumoda.dll
2009-07-31 23:03:30 37888 --sha-w- c:\windows\system32\tenolabo.dll
2009-07-28 23:01:53 37888 --sha-w- c:\windows\system32\tubijeki.dll
2009-08-01 11:03:52 89088 --sha-w- c:\windows\system32\turazuru.dll
2009-07-25 20:17:57 38912 --sha-w- c:\windows\system32\vamutoju.dll
2009-07-27 20:19:25 61440 --sha-w- c:\windows\system32\vufosesa.dll
2008-11-26 15:08:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112620081127\index.dat

============= FINISH: 10:44:27.20 ===============

I tried running rootrepeal as well but I keep locking up during the files scan.

BC AdBot (Login to Remove)

 


#2 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 05 November 2009 - 02:50 PM

I couldn't find the place to edit my post, but I finally got root repeal to run with out the computer freezing up.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 13:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB739A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0D98000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798D000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_66c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\cc9d.tmp
Status: Allocation size mismatch (API: 1114112, Raw: 0)

Path: c:\windows\temp\cc9e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\cc9f.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\windows\temp\cca0.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\WINDOWS\ftpcache\ftpcache
Status: Locked to the Windows API!

Path: C:\WINDOWS\addins\addins
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\mui\mui
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB917422\KB917422
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB924496\KB924496
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB928090\KB928090
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB931836\KB931836
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB932168\KB932168
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB939653\KB939653
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB942615\KB942615
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1
Status: Locked to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\UserMode
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091014.003\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10DC.tmp\ZAP10DC.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BF.tmp\ZAP11BF.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36F.tmp\ZAP36F.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89e5b6d0

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89e5b778

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x89ca8138

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89e2a620

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf744ba1c

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89c9a0a8

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7460cdc

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7460ece

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89d93710

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf744bc10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf744bcb6

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1c0ef0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a037980

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89e49700

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a1c0e50

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a04ba18

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf744b90c

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89e1b4f8

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x89c81690

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7480d30

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89de64f8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89dea498

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89d2b150

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x89cab180

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf744be52

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89e63548

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89e56498

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf744db30

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89e4b778

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89df24d0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x896257f0

==EOF==


I had an issue where a Smax4.exe was eating up a ton of processor and memory. Closing that process helped so far.

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 07 November 2009 - 07:50 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#4 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 08 November 2009 - 11:28 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-08 11:19:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (18%) free of 76 GB
Total RAM: 2047 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:53 AM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Owner\Desktop\alex\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [zokepegop] Rundll32.exe "c:\windows\system32\movojabo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144931741057
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244998206984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Filter hijack: text/html - {ee0b9f07-a225-4119-861a-d6aab565b106} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\movojabo.dll,leduwupe.dll
O21 - SSODL: pegaderaw - {2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll
O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 11779 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-22 2403392]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll [2007-07-11 608656]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-09-20 1404928]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 708608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-09 5898240]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-09 86016]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"Share-to-Web Namespace Daemon"=C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPHUPD04"=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-07-17 116072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-26 149280]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]
"zokepegop"=c:\windows\system32\movojabo.dll [2009-08-07 89088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-08-09 1961984]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hdeqiyime]
C:\WINDOWS\anidigoje.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV]
NetFilter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\movojabo.dll,leduwupe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
pegaderaw - {2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll [2009-08-07 89088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53}
mujuzedij - {2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll [2009-08-07 89088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
loganoye.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Documents and Settings\Owner\Local Settings\Temp\7zSDF.tmp\SymNRT.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\7zSDF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409f52a4-f80d-11dc-843e-0013d4f41f08}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a5926ae-3e2c-11de-84d4-0013d4f41f08}]
shell\AutoRun\command - LOGONUI.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f4a30e-ba4d-11de-8525-0013d4f41f08}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-11-08 03:07:36 ----D---- C:\rsit
2009-11-05 13:44:03 ----A---- C:\RootRepeal report 11-05-09 (13-44-03).txt
2009-11-04 19:54:40 ----SH---- C:\WINDOWS\system32\tutokifo.dll
2009-11-04 19:54:36 ----SH---- C:\WINDOWS\system32\kejezegu.dll
2009-11-04 07:42:41 ----SH---- C:\WINDOWS\system32\banimaze.dll
2009-11-04 07:42:34 ----SH---- C:\WINDOWS\system32\potozahe.dll
2009-11-03 19:42:09 ----SH---- C:\WINDOWS\system32\jabohino.dll
2009-11-03 07:42:52 ----SH---- C:\WINDOWS\system32\dijanumo.dll
2009-11-01 10:49:45 ----A---- C:\RootRepeal report 11-01-09 (10-49-45).txt
2009-11-01 10:48:27 ----A---- C:\RootRepeal report 11-01-09 (10-48-27).txt
2009-11-01 10:14:55 ----D---- C:\Program Files\Trend Micro
2009-10-28 03:38:38 ----SH---- C:\WINDOWS\system32\fapiruda.dll
2009-10-28 03:38:38 ----SH---- C:\WINDOWS\system32\bimewefi.dll
2009-10-28 03:38:31 ----SH---- C:\WINDOWS\system32\milifuse.dll
2009-10-27 22:44:21 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-10-27 22:44:21 ----A---- C:\WINDOWS\BDTSupport.dll
2009-10-27 22:44:20 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-10-27 22:44:20 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-10-27 22:37:20 ----D---- C:\Program Files\Spyware Doctor
2009-10-27 22:37:20 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-27 22:37:20 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools
2009-10-27 22:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-10-27 22:36:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-22 14:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2009-10-15 02:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 02:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 02:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 02:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 02:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 02:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 02:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 02:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

======List of files/folders modified in the last 1 months======

2009-11-08 11:19:39 ----D---- C:\WINDOWS\Temp
2009-11-08 05:38:44 ----D---- C:\WINDOWS
2009-11-08 05:38:41 ----D---- C:\WINDOWS\system32
2009-11-08 05:37:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-08 03:31:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-08 03:21:33 ----D---- C:\Program Files\Mozilla Firefox
2009-11-07 08:09:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-07 06:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-05 13:26:06 ----D---- C:\WINDOWS\system32\drivers
2009-11-05 00:01:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-04 23:59:31 ----RD---- C:\Program Files
2009-11-04 23:59:27 ----D---- C:\Documents and Settings\Owner\Application Data\MechCAD
2009-11-03 09:01:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-27 22:37:35 ----SHD---- C:\WINDOWS\Installer
2009-10-27 22:37:35 ----HD---- C:\Config.Msi
2009-10-27 22:37:34 ----D---- C:\WINDOWS\WinSxS
2009-10-27 22:37:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-27 22:37:20 ----D---- C:\Program Files\Common Files
2009-10-27 22:24:43 ----SD---- C:\WINDOWS\Tasks
2009-10-27 10:30:35 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-27 10:29:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-25 06:44:00 ----D---- C:\Documents and Settings\Owner\Application Data\U3
2009-10-25 06:43:38 ----HD---- C:\WINDOWS\inf
2009-10-15 04:16:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 02:03:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-15 02:03:51 ----D---- C:\Program Files\Internet Explorer
2009-10-15 02:03:31 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091014.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091014.003\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-09 3095680]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-08-31 178736]
R3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-08 259968]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20091006.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576]
S1 SASDIFSV;SASDIFSV; \??\G:\Spyware Removal\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 APL531;OVT Scanner; C:\WINDOWS\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-08-31 131184]
S3 CTSFSYN;Creative SoundFont Synth; C:\WINDOWS\system32\drivers\ctsfsyn.sys [2004-08-24 155904]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nuvaud2;Pinnacle DVC 80 Audio; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-12-03 26560]
S3 NUVision;Pinnacle DVC 80 Video; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 SASENUM;SASENUM; \??\G:\Spyware Removal\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-17 108904]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-17 108904]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-17 108904]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-26 153376]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-17 108904]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-09 127043]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [2005-08-03 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-10-08 70928]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2002-12-17 311872]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-25 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


The info file:

info.txt logfile of random's system information tool 1.06 2009-11-08 03:10:31

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C607218C-E913-46AC-AFB1-B6B3E99ED068}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C607218C-E913-46AC-AFB1-B6B3E99ED068}\Setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}\setup.exe" -l0x9
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Belkin Wireless USB Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A6359CCF-215D-43D9-8366-479D231F2A72}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Audio MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Heritage Family Tree Deluxe-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9E1F626B-4B9F-4EA1-9C0B-074D89939C5B}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet J4500 Series-->C:\Program Files\HP\Digital Imaging\{CD0773D5-C18E-495c-B39B-21A96415EDD5}\setup\hpzscr01.exe -datfile hpwscr19.dat -forcereboot
HP Photo and Imaging 1.0 - Scanjet 3500c Series-->MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
HP Photo and Imaging 2.0 - Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Scanjet 4800 series-->C:\Program Files\HP\Digital Imaging\{469436E4-A436-4a2f-8113-239EE6D1A60F}\setup\hpzscr01.exe -datfile hpgscr06.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelCreator Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LabelCreator Pro\DeIsL1.isu" -c"C:\Program Files\LabelCreator Pro\_ISREG32.DLL"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MusicMatch Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OVT Scanner X86-->MsiExec.exe /I{6B566EFE-DC1D-471F-93DD-84832663F140}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
Pinnacle Systems USB Installation-->C:\PROGRA~1\Pinnacle\PINNAC~1\UNWISE.EXE C:\PROGRA~1\Pinnacle\PINNAC~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
SequoiaView-->C:\Program Files\SequoiaView\Uninstal.exe
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Studio 10-->"C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe"iles\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe -l0x9 UNINSTALL
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Print Shop 22-->MsiExec.exe /I{1D2AB963-7FF4-4446-BF22-822101AA550F}
Uninstall OVT Scanner-->C:\WINDOWS\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: Norton 360
FW: Norton 360

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks. Some more info if it helps, is that the last time I had trouble(1-2 months ago) with the computer it was through firefox. Norton has had difficulty of updating, we have been getting error messages with that. I still get popups from time to time, spyware doc blocks some of them. I have had issues going into safe mode to do anything or even system restore. I added Spyware Doc after the issues sprang up since I dont really trust Norton that much.

I have had some issues with Smax4.exe going crazy and taking up 100% cpu at times when im scanning things too.

Edited by TheBMT, 08 November 2009 - 04:36 PM.


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 08 November 2009 - 05:36 PM

Hi,

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#6 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 09 November 2009 - 02:12 AM

I have a problem with closing Norton, I have no option to. I cant uninstall it. Should I just delete everything, since the subscription is expired?

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 09 November 2009 - 02:21 AM

Yes, you can just uninstall it and running the following tool should clean up any remnants.

You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.

unite.jpg


#8 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 09 November 2009 - 02:48 PM

I included the attachment of this text as well.





ComboFix 09-11-08.03 - Owner 11/09/2009 13:46.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1522 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\pefeg.bat
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Owner\Local Settings\Application Data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}
c:\documents and settings\Owner\Local Settings\Application Data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{B8504D14-4127-45E3-B162-72FE9EF16EEB}\install.rdf
C:\p2hhr.bat
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\abegajim.dll
c:\windows\arusuyan.dll
c:\windows\ecegoyineba.dll
c:\windows\efebogise.dll
c:\windows\emayejuhediq.dll
c:\windows\exaditem.dll
c:\windows\icinazob.dll
c:\windows\ihocehez.dll
c:\windows\iluledunumulo.dll
c:\windows\ixetoyeful.dll
c:\windows\mamyxifoj.reg
c:\windows\nutewa.vbs
c:\windows\ojusohomat.dll
c:\windows\onovefog.dll
c:\windows\ovebesitef.dll
c:\windows\oxajahiga.dll
c:\windows\oyijazijulucasi.dll
c:\windows\ozitages.dll
c:\windows\raso.bat
c:\windows\system32\banimaze.dll
c:\windows\system32\bimewefi.dll
c:\windows\system32\dakiloni.dll
c:\windows\system32\dijanumo.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\fapiruda.dll
c:\windows\system32\getumise.dll
c:\windows\system32\gomonoye.dll
c:\windows\system32\gunuseli.dll
c:\windows\system32\heyehita.dll
c:\windows\system32\hifutizi.dll
c:\windows\system32\horihiju.dll
c:\windows\system32\jabohino.dll
c:\windows\system32\jetebusu.dll
c:\windows\system32\jijisipu.dll
c:\windows\system32\karudufo.dll
c:\windows\system32\kejezegu.dll
c:\windows\system32\kubiwipi.dll
c:\windows\system32\meyopoli.dll
c:\windows\system32\milifuse.dll
c:\windows\system32\movojabo.dll
c:\windows\system32\mozohafa.dll.tmp
c:\windows\system32\nafamise.dll.tmp
c:\windows\system32\nakizoro.dll
c:\windows\system32\navavaze.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\nehuvuri.dll
c:\windows\system32\paviviwa.dll
c:\windows\system32\potozahe.dll
c:\windows\system32\qila.bat
c:\windows\system32\raseloka.dll
c:\windows\system32\rehiyiho.dll
c:\windows\system32\relugane.dll
c:\windows\system32\rinumoda.dll
c:\windows\system32\tenolabo.dll
c:\windows\system32\terutajo.dll.tmp
c:\windows\system32\tigomovo.dll
c:\windows\system32\tisehuza.dll
c:\windows\system32\tubijeki.dll
c:\windows\system32\tutokifo.dll
c:\windows\system32\vamutoju.dll
c:\windows\system32\vufosesa.dll
c:\windows\system32\zinefowo.dll
c:\windows\uganeputehobek.dll
c:\windows\ugesidy.scr
c:\windows\ukebiqobacag.dll
c:\windows\utamelum.dll
c:\windows\utebeyey.dll
c:\windows\uxizuyoc.dll
c:\windows\ydahyj.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.231.98
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 08:07 . 2009-11-08 08:17 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Trend Micro
2009-10-28 03:56 . 2009-10-28 03:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-10-28 03:37 . 2009-11-09 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 03:36 . 2009-11-09 18:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 19:35 . 2007-02-27 21:47 1566352 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_26aded30\Setup.exe
2009-10-22 19:35 . 2009-10-22 19:35 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-10-22 19:35 . 2009-10-22 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 18:01 . 2006-04-13 23:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-09 17:55 . 2006-04-13 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-05 04:59 . 2008-05-01 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\MechCAD
2009-11-03 14:01 . 2006-04-12 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 15:30 . 2008-11-25 13:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-27 15:29 . 2009-08-26 19:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 11:44 . 2008-03-22 13:34 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-09-16 15:42 . 2009-09-16 15:42 -------- d-----w- c:\program files\QuickTime
2009-09-16 15:41 . 2009-05-08 15:41 -------- d-----w- c:\program files\Common Files\Apple
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 19:26 . 2009-08-26 13:14 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 18:27 . 2009-08-24 03:44 120 ----a-w- c:\windows\Jwozaxoga.dat
2009-08-26 13:09 . 2009-08-26 13:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 13:09 . 2009-08-26 13:09 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 04:52 . 2009-08-25 04:52 24906 ----a-w- c:\windows\ugifepov.dll
2009-08-23 03:51 . 2009-08-23 03:51 16589 ----a-w- c:\windows\etogukufy.sys
2009-08-23 03:51 . 2009-08-23 03:51 15395 ----a-w- c:\windows\etoxejyh.com
2009-08-23 03:51 . 2009-08-23 03:51 11013 ----a-w- c:\windows\yvagy.bin
2009-08-23 03:51 . 2009-08-23 03:51 10447 ----a-w- c:\program files\Common Files\cunij.ban
2009-08-23 03:51 . 2009-08-23 03:51 10442 ----a-w- c:\program files\Common Files\ikeboryx._sy
2009-08-23 03:51 . 2009-08-23 03:51 14204 ----a-w- c:\windows\system32\zyfa.dll
2009-08-05 12:40 . 2009-08-05 12:40 90112 --sha-w- c:\windows\system32\fukafati.dll
2009-08-06 12:41 . 2009-08-06 12:41 89600 --sha-w- c:\windows\system32\hasuyegi.dll
2009-08-07 00:41 . 2009-08-07 00:41 89088 --sha-w- c:\windows\system32\meyekusu.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 1404928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 5898240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-26 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASDIFSV;SASDIFSV;\??\g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS --> g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 CTSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctsfsyn.sys [4/12/2006 3:53 PM 155904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/26/2009 1:51 PM 38160]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [4/13/2006 4:08 PM 155264]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SASENUM;SASENUM;\??\g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS --> g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6w9m844c.default\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
HKLM-Run-zokepegop - c:\windows\system32\movojabo.dll
SharedTaskScheduler-{2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll
SSODL-pegaderaw-{2bfe263a-45a7-4ed0-a448-4c01fe1f1411} - c:\windows\system32\movojabo.dll
AddRemove-{3CB05291-F546-458E-A796-B5BCF5A3CDC4} - c:\program files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exeiles\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 13:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\

[HKEY_USERS\S-1-5-21-839522115-920026266-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-09 14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 19:07

Pre-Run: 15,510,335,488 bytes free
Post-Run: 15,687,274,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CAE77D0D046EB4A733D494EAE996C1CB

Attached Files



#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 10 November 2009 - 02:41 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Jwozaxoga.dat
c:\windows\ugifepov.dll
c:\windows\etogukufy.sys
c:\windows\etoxejyh.com
c:\windows\yvagy.bin
c:\program files\Common Files\cunij.ban
c:\program files\Common Files\ikeboryx._sy
c:\windows\system32\zyfa.dll
c:\windows\system32\fukafati.dll
c:\windows\system32\hasuyegi.dll
c:\windows\system32\meyekusu.dll
FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll c:\windows\system32\eventlog.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Download and run Win32kDiag:
  • Download Win32kDiag from any of the following locations and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • Once it has finished, press any key to close the program.
  • It will create the file Win32kDiag.txt on your Desktop Copy and paste the contents in your next reply.

  • Please download Junction.zip and save it, then unzip the contents to your desktop.
  • Go to Start >> Run, then Copy and paste the following command in the run box and click Ok.

    cmd /c "%userprofile%\desktop\junction.exe" -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until the log file log.txt opens. Copy and paste the contents in your next reply.


I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Please post back here with the following logs:
  • Combofix.txt
  • Win32kDiag.txt
  • log.txt
Thanks

unite.jpg


#10 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 11 November 2009 - 12:19 AM

I have spyware doctor running, I just had to uninstall it while I did the combo fix, didnt realize I had to restart my computer for it to take effect.

Here is what you asked for in order, thanks so far:

ComboFix 09-11-09.02 - Owner 11/10/2009 23:27.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
"c:\program files\Common Files\cunij.ban"
"c:\program files\Common Files\ikeboryx._sy"
"c:\windows\etogukufy.sys"
"c:\windows\etoxejyh.com"
"c:\windows\Jwozaxoga.dat"
"c:\windows\system32\fukafati.dll"
"c:\windows\system32\hasuyegi.dll"
"c:\windows\system32\meyekusu.dll"
"c:\windows\system32\zyfa.dll"
"c:\windows\ugifepov.dll"
"c:\windows\yvagy.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\cunij.ban
c:\program files\Common Files\ikeboryx._sy
c:\windows\etogukufy.sys
c:\windows\etoxejyh.com
c:\windows\Jwozaxoga.dat
c:\windows\system32\fukafati.dll
c:\windows\system32\hasuyegi.dll
c:\windows\system32\meyekusu.dll
c:\windows\system32\zyfa.dll
c:\windows\ugifepov.dll
c:\windows\yvagy.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-11 04:23 . 2009-11-11 04:23 -------- d-----w- c:\windows\LastGood.Tmp
2009-11-09 20:02 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-09 20:02 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-09 19:51 . 2009-11-09 19:51 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-11-08 08:07 . 2009-11-08 08:17 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Trend Micro
2009-10-28 03:56 . 2009-10-28 03:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-10-28 03:37 . 2009-11-09 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 03:36 . 2009-11-11 04:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 19:35 . 2007-02-27 21:47 1566352 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_26aded30\Setup.exe
2009-10-22 19:35 . 2009-10-22 19:35 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-10-22 19:35 . 2009-10-22 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 04:07 . 2009-11-09 19:51 -------- d-----w- c:\program files\Spyware Doctor
2009-10-06 21:31 . 2009-11-09 19:51 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-02 19:19 . 2009-11-09 20:02 1152470 ----a-w- c:\windows\UDB.zip
2009-09-24 13:55 . 2009-11-09 19:51 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 21:10 . 2009-11-09 19:51 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-16 15:42 . 2009-09-16 15:42 -------- d-----w- c:\program files\QuickTime
2009-09-16 15:41 . 2009-05-08 15:41 -------- d-----w- c:\program files\Common Files\Apple
2009-09-16 08:20 . 2009-11-09 19:51 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 11:20 . 2009-11-09 19:51 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 07:12 . 2009-11-09 19:51 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 06:01 . 2009-11-09 19:51 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:45 . 2009-11-09 19:51 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 19:26 . 2009-08-26 13:14 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 13:09 . 2009-08-26 13:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 13:09 . 2009-08-26 13:09 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-11-09_18.56.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-11-11 04:37 . 2009-11-11 04:37 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2009-11-11 04:37 . 2009-11-11 04:37 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
- 2004-08-04 12:00 . 2009-11-09 18:23 79520 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-11-11 04:41 79520 c:\windows\system32\perfc009.dat
+ 2009-11-09 20:02 . 2009-10-08 18:14 51984 c:\windows\system32\drivers\TfFsMon.sys
- 2008-11-26 15:08 . 2009-11-03 12:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-26 15:08 . 2009-11-09 22:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 15:08 . 2009-11-03 12:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-26 15:08 . 2009-11-09 22:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-26 15:08 . 2009-11-03 12:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-09 22:01 . 2009-11-09 22:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-10-22 07:00 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\spcustom.dll
- 2009-10-22 07:00 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spmsg.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2004-08-04 12:00 . 2009-11-11 04:41 461858 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-11-09 18:23 461858 c:\windows\system32\perfh009.dat
- 2009-10-22 07:00 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\updspapi.dll
- 2009-10-22 07:00 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe
- 2009-10-22 07:00 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spuninst.exe
- 2009-10-22 07:00 . 2009-09-11 14:13 136704 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3qfe\msv1_0.dll
- 2009-10-22 07:00 . 2009-09-11 14:18 136192 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3gdr\msv1_0.dll
+ 2009-11-09 20:02 . 2009-10-08 16:31 149456 c:\windows\SGDetectionTool.dll
+ 2009-11-09 20:02 . 2009-10-08 16:31 165840 c:\windows\PCTBDRes.dll
+ 2009-11-11 04:12 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-11 04:12 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2009-11-09 20:02 . 2009-10-08 16:31 767952 c:\windows\BDTSupport.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-04 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-09 20:02 . 2009-10-08 16:31 1636304 c:\windows\PCTBDCore.dll
+ 2009-11-11 04:12 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 1404928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 5898240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-26 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/9/2009 2:51 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/9/2009 3:02 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/9/2009 3:02 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/9/2009 2:51 PM 229304]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/9/2009 3:02 PM 112592]
S1 SASDIFSV;SASDIFSV;\??\g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS --> g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 CTSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctsfsyn.sys [4/12/2006 3:53 PM 155904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/26/2009 1:51 PM 38160]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [4/13/2006 4:08 PM 155264]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/9/2009 2:51 PM 70408]
S3 SASENUM;SASENUM;\??\g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS --> g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/9/2009 2:51 PM 358600]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/9/2009 3:02 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6w9m844c.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 23:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\

[HKEY_USERS\S-1-5-21-839522115-920026266-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-11-11 23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 04:45
ComboFix2.txt 2009-11-09 19:08

Pre-Run: 15,325,175,808 bytes free
Post-Run: 15,392,751,616 bytes free

- - End Of File - - FDA76A57A0AD012DA7C7593DDE11632A


Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB917422\KB917422

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931836\KB931836

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10DC.tmp\ZAP10DC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BF.tmp\ZAP11BF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36F.tmp\ZAP36F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 19:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

[1] 2004-10-14 09:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 13:46:40 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 09:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 09:34:54 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 13:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 18:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 13:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB912812\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB969059\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971486\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB972636-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973525\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB974112\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB974455-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB974571\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB975025\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB976749-IE8\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-06-28 09:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\23d1508d2f9cb06248202f4107ab1c5f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe ()

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\8f999a6add48b449a8ea8c09fb44cb0c\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\SoftwareDistribution\Download\d94b7f0e1e7fc0963e320a6033304d12\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\e740a72458caa5dc68334c7afa82ebf3\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2337f75b6cfb9c1756b2d48701476ee3\update\update.exe (Microsoft Corporation)





Finished!




Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: Access is denied.


..

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe: Access is denied.


.

..
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.


.

...

...

...

..\\?\c:\\WINDOWS\$hf_mig$\KB917422\KB917422: MOUNT POINT
Substitute Name: \Device\__max++>\^

.\\?\c:\\WINDOWS\$hf_mig$\KB924496\KB924496: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\$hf_mig$\KB928090\KB928090: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\$hf_mig$\KB931836\KB931836: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\$hf_mig$\KB932168\KB932168: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\$hf_mig$\KB939653\KB939653: MOUNT POINT
Substitute Name: \Device\__max++>\^



\\?\c:\\WINDOWS\$hf_mig$\KB942615\KB942615: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\$hf_mig$\KB943460\KB943460: MOUNT POINT
Substitute Name: \Device\__max++>\^

...

...

...

\\?\c:\\WINDOWS\addins\addins: MOUNT POINT
Substitute Name: \Device\__max++>\^

...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e



\\?\c:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10DC.tmp\ZAP10DC.tmp: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BF.tmp\ZAP11BF.tmp: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36F.tmp\ZAP36F.tmp: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\assembly\temp\temp: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\assembly\tmp\tmp: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\Config\Config: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\Connection Wizard\Connection Wizard: MOUNT POINT
Substitute Name: \Device\__max++>\^

.\\?\c:\\WINDOWS\Debug\UserMode\UserMode: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ftpcache\ftpcache: MOUNT POINT
Substitute Name: \Device\__max++>\^

..

...

\\?\c:\\WINDOWS\ime\chsime\applets\applets: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\CHTIME\Applets\Applets: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\imejp\applets\applets: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\imejp98\imejp98: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\imjp8_1\applets\applets: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\imkr6_1\applets\applets: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\imkr6_1\dicts\dicts: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\ime\shared\res\res: MOUNT POINT
Substitute Name: \Device\__max++>\^

...\\?\c:\\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729: MOUNT POINT
Substitute Name: \Device\__max++>\^



\\?\c:\\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\java\classes\classes: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\java\trustlib\trustlib: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs: MOUNT POINT
Substitute Name: \Device\__max++>\^

.\\?\c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files: MOUNT POINT
Substitute Name: \Device\__max++>\^

.\\?\c:\\WINDOWS\msapps\msinfo\msinfo: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\mui\mui: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\helpctr\BATCH\BATCH: MOUNT POINT
Substitute Name: \Device\__max++>\^


Failed to open \\?\c:\\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe: Access is denied.


\\?\c:\\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs: MOUNT POINT
Substitute Name: \Device\__max++>\^

.\\?\c:\\WINDOWS\pchealth\helpctr\System\DFS\DFS: MOUNT POINT
Substitute Name: \Device\__max++>\^



\\?\c:\\WINDOWS\pchealth\helpctr\System_OEM\System_OEM: MOUNT POINT
Substitute Name: \Device\__max++>\^

\\?\c:\\WINDOWS\pchealth\helpctr\Temp\Temp: MOUNT POINT
Substitute Name: \Device\__max++>\^

...

..
Failed to open \\?\c:\\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe: Access is denied.


.

...

...

...

Attached Files



#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 11 November 2009 - 06:17 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

MIA::
c:\windows\system32\eventlog.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Go to Start >> Run then copy the following line into the run box:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents in your next reply.



We need to reset the permissions of some files and folders, that have been altered by malware.
  • Download Inherit.exe and save it on your Desktop.
  • Locate each of these, then drag them and drop them, onto Inherit.exe

c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

  • when finished click OK. You may remove Inherit.exe from your desktop.

Then please post back with combofix.txt, Win32kDiag.txt and let me know how the computer is running now.

unite.jpg


#12 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 12 November 2009 - 03:54 PM

There you go, am I supposed to delete the Superantispyware.exe? or the folder? After I dropped it on the inherit?


ComboFix 09-11-13.01 - Owner 11/12/2009 13:02.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1536 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eventlog.dll was missing
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 18:09 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-12 18:09 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-12 11:09 . 2009-11-12 11:09 -------- d-----w- c:\windows\LastGood.Tmp
2009-11-09 20:02 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-09 20:02 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-09 19:51 . 2009-11-09 19:51 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-11-08 08:07 . 2009-11-08 08:17 -------- d-----w- C:\rsit
2009-11-01 15:14 . 2009-11-01 15:14 -------- d-----w- c:\program files\Trend Micro
2009-10-28 03:56 . 2009-10-28 03:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-10-28 03:37 . 2009-11-09 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 03:36 . 2009-11-12 18:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 19:35 . 2007-02-27 21:47 1566352 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_26aded30\Setup.exe
2009-10-22 19:35 . 2009-10-22 19:35 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-10-22 19:35 . 2009-10-22 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 05:27 . 2009-11-09 19:51 -------- d-----w- c:\program files\Spyware Doctor
2009-10-06 21:31 . 2009-11-09 19:51 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-02 19:19 . 2009-11-09 20:02 1152470 ----a-w- c:\windows\UDB.zip
2009-09-24 13:55 . 2009-11-09 19:51 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 21:10 . 2009-11-09 19:51 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-16 15:42 . 2009-09-16 15:42 -------- d-----w- c:\program files\QuickTime
2009-09-16 15:41 . 2009-05-08 15:41 -------- d-----w- c:\program files\Common Files\Apple
2009-09-16 08:20 . 2009-11-09 19:51 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 11:20 . 2009-11-09 19:51 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 07:12 . 2009-11-09 19:51 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 06:01 . 2009-11-09 19:51 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:45 . 2009-11-09 19:51 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 19:26 . 2009-08-26 13:14 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 13:09 . 2009-08-26 13:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 13:09 . 2009-08-26 13:09 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-11_04.38.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-12 18:12 . 2009-11-12 18:12 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
+ 2009-11-12 18:12 . 2009-11-12 18:12 16384 c:\windows\Temp\Perflib_Perfdata_108.dat
+ 2004-08-04 12:00 . 2009-11-12 11:10 79520 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-11-11 04:41 79520 c:\windows\system32\perfc009.dat
- 2009-11-11 04:23 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\spcustom.dll
- 2009-11-11 04:23 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spmsg.dll
+ 2004-08-04 12:00 . 2009-11-12 11:10 461858 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-11-11 04:41 461858 c:\windows\system32\perfh009.dat
- 2009-11-11 04:23 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\updspapi.dll
- 2009-11-11 04:23 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe
- 2009-11-11 04:23 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spuninst.exe
- 2009-11-11 04:23 . 2009-09-11 14:13 136704 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3qfe\msv1_0.dll
- 2009-11-11 04:23 . 2009-09-11 14:18 136192 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3gdr\msv1_0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 1404928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 5898240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-26 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/9/2009 2:51 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/9/2009 3:02 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/9/2009 3:02 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/9/2009 2:51 PM 229304]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/9/2009 3:02 PM 112592]
S1 SASDIFSV;SASDIFSV;\??\g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS --> g:\spyware removal\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 CTSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctsfsyn.sys [4/12/2006 3:53 PM 155904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/26/2009 1:51 PM 38160]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [4/13/2006 4:08 PM 155264]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/9/2009 2:51 PM 70408]
S3 SASENUM;SASENUM;\??\g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS --> g:\spyware removal\SUPERAntiSpyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/9/2009 2:51 PM 358600]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/9/2009 3:02 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6w9m844c.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 13:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,b7,0c,70,1e,42,aa,4b,b0,08,af,\

[HKEY_USERS\S-1-5-21-839522115-920026266-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-11-12 13:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 18:20
ComboFix2.txt 2009-11-11 04:45
ComboFix3.txt 2009-11-09 19:08

Pre-Run: 15,258,652,672 bytes free
Post-Run: 15,280,545,792 bytes free

- - End Of File - - 8878D0B447799D07140C50EBD6574C46



Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB917422\KB917422

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB917422\KB917422

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB931836\KB931836

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931836\KB931836

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10DC.tmp\ZAP10DC.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10DC.tmp\ZAP10DC.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BF.tmp\ZAP11BF.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BF.tmp\ZAP11BF.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36F.tmp\ZAP36F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36F.tmp\ZAP36F.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe



Finished!

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 12 November 2009 - 09:25 PM

There you go, am I supposed to delete the Superantispyware.exe? or the folder? After I dropped it on the inherit?


No, you don't need to do anything more with superantispyware, the malware you had, had remove your permission to it so you wouldn't be able to run it, inherit
just restores your permissions to it.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Posted Image



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg


#14 TheBMT

TheBMT
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 16 November 2009 - 11:52 PM

Sorry for the delay, I have been quite busy lately. I have included them in text form and as attachments. From the look of the Kapersky scan It seems I have more trouble. I tried removing the java prior to update 10, but it kept giving me errors saying the windows installer is not working properly.

The popups are gone though from what I was experiencing.

Here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-16 23:45:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (23%) free of 76 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:24 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144931741057
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244998206984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8941 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-22 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-09-20 1404928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-09 5898240]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-09 86016]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"Share-to-Web Namespace Daemon"=C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPHUPD04"=C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-26 149280]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-08-09 1961984]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hdeqiyime]
C:\WINDOWS\anidigoje.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV]
NetFilter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-16 03:02:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-16 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-16 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-16 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-13 22:34:35 ----D---- C:\32788R22FWJFW
2009-11-12 13:20:21 ----A---- C:\ComboFix.txt
2009-11-12 13:09:25 ----N---- C:\WINDOWS\system32\eventlog.dll
2009-11-09 15:02:11 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-11-09 15:02:11 ----A---- C:\WINDOWS\BDTSupport.dll
2009-11-09 15:02:10 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-11-09 15:02:10 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-11-09 14:51:20 ----D---- C:\Program Files\Spyware Doctor
2009-11-09 14:51:20 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-09 14:51:20 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools
2009-11-09 13:41:49 ----A---- C:\Boot.bak
2009-11-09 13:41:45 ----RASHD---- C:\cmdcons
2009-11-09 13:21:15 ----A---- C:\WINDOWS\zip.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\SWSC.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\SWREG.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\sed.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\PEV.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\MBR.exe
2009-11-09 13:21:15 ----A---- C:\WINDOWS\grep.exe
2009-11-09 13:13:41 ----D---- C:\WINDOWS\ERDNT
2009-11-09 13:12:04 ----AD---- C:\Qoobox
2009-11-08 03:07:36 ----D---- C:\rsit
2009-11-05 13:44:03 ----A---- C:\RootRepeal report 11-05-09 (13-44-03).txt
2009-11-01 10:49:45 ----A---- C:\RootRepeal report 11-01-09 (10-49-45).txt
2009-11-01 10:48:27 ----A---- C:\RootRepeal report 11-01-09 (10-48-27).txt
2009-11-01 10:14:55 ----D---- C:\Program Files\Trend Micro
2009-10-27 22:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-10-27 22:36:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-22 14:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak

======List of files/folders modified in the last 1 months======

2009-11-16 23:45:23 ----D---- C:\WINDOWS\Prefetch
2009-11-16 10:42:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-16 09:46:39 ----D---- C:\Program Files\Mozilla Firefox
2009-11-16 08:53:55 ----D---- C:\WINDOWS\system32
2009-11-16 08:21:35 ----D---- C:\WINDOWS\Temp
2009-11-16 03:28:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-16 03:24:54 ----D---- C:\WINDOWS
2009-11-16 03:21:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-16 03:02:17 ----HD---- C:\WINDOWS\inf
2009-11-16 03:02:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-16 03:02:03 ----A---- C:\WINDOWS\imsins.BAK
2009-11-16 03:01:59 ----D---- C:\WINDOWS\system32\drivers
2009-11-15 20:13:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-12 14:12:37 ----RD---- C:\Program Files
2009-11-12 14:09:05 ----D---- C:\WINDOWS\mui
2009-11-12 14:08:57 ----SHD---- C:\WINDOWS\ftpcache
2009-11-12 14:08:56 ----D---- C:\WINDOWS\Connection Wizard
2009-11-12 14:08:56 ----D---- C:\WINDOWS\Config
2009-11-12 14:08:53 ----D---- C:\WINDOWS\addins
2009-11-12 13:12:59 ----A---- C:\WINDOWS\system.ini
2009-11-12 13:10:47 ----D---- C:\WINDOWS\system32\config
2009-11-12 13:06:21 ----D---- C:\WINDOWS\AppPatch
2009-11-12 13:06:17 ----D---- C:\Program Files\Common Files
2009-11-12 06:10:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 23:12:53 ----D---- C:\WINDOWS\ie8updates
2009-11-09 14:51:35 ----SHD---- C:\WINDOWS\Installer
2009-11-09 14:51:35 ----D---- C:\Config.Msi
2009-11-09 14:51:31 ----D---- C:\WINDOWS\WinSxS
2009-11-09 14:51:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-09 14:07:19 ----D---- C:\WINDOWS\repair
2009-11-09 13:41:49 ----RASH---- C:\boot.ini
2009-11-09 13:01:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-09 12:55:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-04 23:59:27 ----D---- C:\Documents and Settings\Owner\Application Data\MechCAD
2009-11-03 09:01:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-27 22:24:43 ----SD---- C:\WINDOWS\Tasks
2009-10-27 10:29:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-25 06:44:00 ----D---- C:\Documents and Settings\Owner\Application Data\U3
2009-10-22 04:19:04 ----N---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-09 3095680]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-08-31 178736]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-08 259968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 SASDIFSV;SASDIFSV; \??\G:\Spyware Removal\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 APL531;OVT Scanner; C:\WINDOWS\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-08-31 131184]
S3 CTSFSYN;Creative SoundFont Synth; C:\WINDOWS\system32\drivers\ctsfsyn.sys [2004-08-24 155904]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nuvaud2;Pinnacle DVC 80 Audio; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-12-03 26560]
S3 NUVision;Pinnacle DVC 80 Video; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 SASENUM;SASENUM; \??\G:\Spyware Removal\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-26 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-09 127043]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [2005-08-03 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2002-12-17 311872]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-10-08 70928]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 16, 2009 09:36:53
Records in database: 3222683
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 208324
Threats found: 30
Infected objects found: 229
Suspicious objects found: 0
Scan duration: 05:16:16


File name / Threat / Threats count
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00601CF3.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\006E44E4.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00716EE1.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007418DD.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007742D9.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007742D9.txt Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007B6CD6.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00846ACB.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\008814C8.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\008B3EC4.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\008E68C0.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\009112BD.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\029A3647.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06EB4D75.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\087C39DA.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3E5E91.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DA45499.bmp Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DBE447C.tmp Infected: Trojan.Win32.HideProc.a 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC16E78.tmp Infected: Trojan.Win32.HideProc.a 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DF554CF.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DF87ECB.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF52C4.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E027CC1.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E0950B9.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11000CB5.dll Infected: not-a-virus:AdWare.Win32.WinAD.b 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1102381D.dll Infected: not-a-virus:AdWare.Win32.BiSpy.s 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11255E3F.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\127A16D0.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1667058B.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16710380.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16742D7C.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16785779.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\167B0175.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171E6AD0.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\178460D7.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18682488.prx Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\198F3367.IE5 Infected: Exploit.HTML.CodeBaseExec 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9148B4.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23151CD6.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2698414B.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\269B6B48.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\269E1544.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26A23F40.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26A5693D.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26A81339.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26AB3D36.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26AF6732.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B2112E.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B53B2B.exe Infected: Trojan-Downloader.Win32.Dyfuca.dk 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26B86527.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26BC0F24.exe Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26BF3920.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C2631C.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A462C80.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B28460E.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B2F1A07.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B324404.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B366E00.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B3F6BF5.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F3C376B.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FEF128D.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\334D7611.dll Infected: not-a-virus:AdWare.Win32.WinAD 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\341736B8.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34196220.IE5 Infected: Exploit.HTML.CodeBaseExec 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36757452.exe Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371B3739.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376A0862.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\379E610A.000 Infected: not-a-virus:AdWare.Win32.EZula.ac 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37A85F00.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37E028C3.exe Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37E67CBB.ini Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37E67CBB.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37E926B8.ini Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37E926B8.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37ED50B4.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F07AB1.bmp Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F07AB1.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F324AD.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F64EA9.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F64EA9.DLL Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37FA78A6.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37FA78A6.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37FD22A2.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38072097.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380A4A94.ini Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380A4A94.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380D7490.dll Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380D7490.ini Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\380D7490.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38111E8D.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38111E8D.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38144889.bac Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38144889.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38177286.INI Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38177286.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\381A1C82.exe Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3821707B.bmp Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38241A77.bmp Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38274474.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382B6E70.bmp Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382B6E70.exe Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382B6E70.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382B6E70.txt Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382E186C.ini Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38314269.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38314269.EXE Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38356C65.exe Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38356C65.ini Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38381662.exe Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\383B405E.prx Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\383E6A5A.pif Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\383E6A5A.prx Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F162BC.log Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4B2372.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A940778.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BE54493.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C033F92 Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C254479.exe Infected: Trojan.Win32.Dialer.bn 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C2C1872.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C2F426E.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C326C6B.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C3F145C.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D6D02C8.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E1677F3.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F432818.exe Infected: not-a-virus:AdWare.Win32.PowerScan.b 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA872B7.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41236F76.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\425F6CE2.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\426216DF.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\426540DB.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42696AD7.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46244377.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47100A8B.exe Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47760092.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47DC769A.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B395A1E.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DCE7A7A.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD12476.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD44E73.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD7786F.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDB226B.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DDE4C68.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE17664.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DE42061.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52A04689.prx Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53063C91.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\536C3298.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53D31ED9.exe Infected: Backdoor.Win32.Small.dc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56642015.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EFD6E97.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F70101D.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F733A19.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F766416.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F790E12.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F7D380F.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F80620B.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F830C07.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F8A6000.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F8F5258.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9033F9.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F927C55.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F945DF6.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F952651.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9707F2.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9C7A4A.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9F2446.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FA24E43.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62FB1F70.chm Infected: Trojan-Downloader.JS.Weis.b 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633813E8.exe Infected: Backdoor.Win32.Small.dc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6661074A.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\673E2835.dll Infected: not-a-virus:AdWare.Win32.WinAD.b 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6879261F.exe Infected: Backdoor.Win32.Small.dc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68971FFF.exe Infected: Backdoor.Win32.Small.dc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68D57773.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C2E0F11.dll Infected: Trojan-Downloader.Win32.Agent.an 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C3B3702.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C410AFB.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4534F7.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4534F7.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C485EF4.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C485EF4.IE5 Infected: Exploit.HTML.CodeBaseExec 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4B08F0.exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4E32ED.exe Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5506E5.dll Infected: Trojan-Downloader.Win32.IstBar.fz 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5830E2.dll Infected: not-a-virus:AdWare.Win32.BiSpy.s 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5C5ADE.txt Infected: Trojan-Downloader.Win32.Agent.db 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5F04DB.dat Infected: Trojan-Downloader.Win32.Agent.db 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C5F04DB.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C622ED7.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C622ED7.txt Infected: Trojan-Downloader.Win32.Agent.db 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6558D3.dat Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6558D3.txt Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6902D0.dat Infected: Trojan-Downloader.Win32.Agent.db 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6902D0.dll Infected: Trojan-Downloader.Win32.Agent.an 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6902D0.txt Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C6F56C9.exe Infected: Trojan-Downloader.Win32.Small.fo 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7200C5.exe Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C762AC1.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C762AC1.htm Infected: Trojan-Downloader.JS.IstBar.j 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7954BE.dll Infected: not-a-virus:AdWare.Win32.SideFind 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7954BE.exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7C7EBA.exe Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7F28B7.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8352B3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C867CB0.exe Infected: not-a-virus:AdWare.Win32.WinAD 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8745A7.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8D50A8.exe Infected: not-a-virus:AdWare.Win32.WinAD.b 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C907AA5.dll Infected: not-a-virus:AdWare.Win32.WinAD 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C9324A1.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C964E9E.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C964E9E.exe Infected: Trojan-Downloader.Win32.Small.fo 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DA32F92.log Infected: Trojan-Downloader.Win32.Agent.an 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F7C160A.log Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D656C1.IE5 Infected: Exploit.HTML.CodeBaseExec 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\746D36D4.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75B7708D.txt Infected: Trojan-Downloader.Win32.Agent.ap 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77A524C9.dll Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78B01044 Infected: Trojan-Downloader.Win32.Agent.an 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\797B4A18.exe Infected: Trojan-Downloader.Win32.Dyfuca.dk 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79E014B8.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AE56FD6 Infected: Trojan-Downloader.Win32.Agent.an 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E73644F.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E7A3848.dll Infected: Trojan-Downloader.Win32.Agent.al 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gomonoye.dll.vir Infected: Trojan.Win32.Monder.cutq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jabohino.dll.vir Infected: Trojan.Win32.Monder.cuul 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jetebusu.dll.vir Infected: Trojan.Win32.Monder.cupy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nakizoro.dll.vir Infected: Trojan.Win32.Monder.cuqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rehiyiho.dll.vir Infected: Trojan.Win32.Monder.cuqf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tenolabo.dll.vir Infected: Trojan.Win32.Monder.cusy 1

Selected area has been scanned.

Attached Files



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:57 AM

Posted 17 November 2009 - 10:33 PM

The Kaspersky results are not to much to worry about they are all quarantined items, we will remove the ones quarantined by Norton, as for the ones in Qoobox, these
will be removed if you follow the instructions in my last post to uninstall Combofix.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hdeqiyime]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDRV]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    :Files
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Old Drives\C-drive\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:

    Remove Useless JRE Files
    Remove Startup Entry

  • Click Go then ok to all the prompts, once done restart your computer.

Please post back here with the following logs:
  • OTM results
  • New Rsit log
Thanks

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users