DNSChanger Virus



#1 tkirkbri

Posted 02 November 2009 - 01:31 AM

I have noticed the effects of a DNSChanger virus inserting the following

216.146.35.35
216.146.36.36

into the TCP/IP settings (even though the "Obtain DNS server addresses automatically" radio button is enabled).

These two addresses are legitimate, but are not mine (I'm in SA with Telkom), and the addresses resolve to a DNS in the US.

Any assistance in identifying the source of the infection and optimum removal path would be welcomed.

Combofix log appended.

Tkirkbri


ComboFix 09-10-30.01 - Tony 01/11/09 21:38.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.261 [GMT 2:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tony\Application Data\inst.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_Iprip
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 19:14 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-11-01 19:14 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-11-01 17:15 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 17:15 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 13:47 . 2009-11-01 13:47 -------- d-----w- c:\program files\iPod
2009-11-01 13:47 . 2009-11-01 13:48 -------- d-----w- c:\program files\iTunes
2009-11-01 07:36 . 2009-11-01 07:37 -------- dc-h--w- c:\windows\ie8
2009-10-31 09:53 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 15:28 . 2009-10-30 15:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 15:27 . 2009-10-30 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 15:27 . 2009-10-30 15:27 -------- d-----w- c:\program files\Lavasoft
2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-28 16:18 . 2009-10-28 16:18 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-10-28 16:18 . 2009-10-28 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 16:18 . 2009-11-01 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 16:15 . 2009-10-28 16:15 -------- d-----w- c:\program files\Trend Micro
2009-10-26 18:14 . 2009-10-26 18:14 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-10-26 16:04 . 2009-10-28 18:52 -------- d-----w- c:\documents and settings\Tony\Application Data\SASA
2009-10-17 08:16 . 2009-10-28 18:53 -------- d-----w- c:\program files\iPod(2)
2009-10-17 08:16 . 2009-10-28 18:53 -------- d-----w- c:\program files\iTunes(2)
2009-10-17 08:16 . 2009-10-17 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-16 16:57 . 2009-11-01 06:37 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-16 16:50 . 2009-10-28 18:54 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-10-04 06:00 . 2009-10-04 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2009-10-04 05:58 . 2009-10-04 05:58 -------- d-----w- c:\program files\Macrium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 22:12 . 2007-04-15 08:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 22:12 . 2009-01-06 07:26 -------- d-----w- c:\program files\SASA ADSL Stats Analyser
2009-11-01 19:30 . 2008-02-24 09:38 -------- d-----w- c:\documents and settings\Tony\Application Data\Samsung
2009-11-01 19:30 . 2006-04-14 00:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 19:30 . 2008-02-24 09:34 -------- d-----w- c:\program files\Samsung
2009-11-01 13:47 . 2008-04-19 12:15 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 13:45 . 2007-12-21 11:29 -------- d-----w- c:\program files\QuickTime
2009-11-01 06:37 . 2008-12-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-01 06:14 . 2007-04-15 08:33 -------- d-----w- c:\program files\DAP
2009-10-28 18:51 . 2008-12-04 15:03 -------- d-----w- c:\program files\Billion 800VGT
2009-10-20 19:01 . 2009-02-07 06:28 -------- d-----w- c:\program files\Java
2009-10-17 08:46 . 2008-04-19 12:19 -------- d-----w- c:\documents and settings\Tony\Application Data\Apple Computer
2009-10-17 07:58 . 2007-05-22 15:59 -------- d-----w- c:\program files\CompuTrainer 3D V3
2009-10-04 11:39 . 2008-12-05 14:10 -------- d-----w- c:\program files\DynDNS Updater
2009-09-28 15:00 . 2007-05-06 09:34 -------- d-----w- c:\program files\Common Files\Real
2009-09-28 14:59 . 2009-09-28 14:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-28 14:59 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-28 14:59 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-28 14:59 . 2007-05-06 09:34 -------- d-----w- c:\program files\Real
2009-09-23 16:18 . 2009-01-23 18:53 -------- d-----w- c:\documents and settings\Tony\Application Data\THQ
2009-09-23 15:42 . 2009-01-23 16:48 -------- d-----w- c:\program files\THQ
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:22 . 2006-04-17 20:40 -------- d-----w- c:\documents and settings\Tony\Application Data\Skype
2009-09-10 19:14 . 2008-10-26 16:26 -------- d-----w- c:\documents and settings\Tony\Application Data\skypePM
2009-09-09 18:49 . 2006-04-16 01:22 64760 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 16:02 . 2008-02-10 07:44 -------- d-----w- c:\program files\FinePixViewer
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-11-07 19:03 11069440 ----a-w- c:\windows\system32\ieframe(2).dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 10:16 . 2009-08-25 10:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2009-08-16 06:37 . 2008-12-17 15:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 06:37 . 2008-12-17 15:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 06:37 . 2008-12-17 15:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-06 17:24 . 2006-04-14 00:35 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-04-14 00:35 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-04-14 00:35 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-04-14 00:35 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-04-14 00:35 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2006-04-14 00:35 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-04 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-04-13 16:02 . 2006-04-13 16:02 56 ----a-w- c:\program files\Common Files\appop.log
2004-10-01 22:00 . 2006-04-13 16:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2006-07-04 18:10 . 1602-07-12 21:55 1031 --sh--w- c:\windows\system\ws32ntfy.dat
2002-04-16 18:27 . 2002-04-16 18:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SASA ADSL Stats Analyser"="c:\program files\SASA ADSL Stats Analyser\sasa.exe" [2007-07-14 1288704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-01 2803200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-04-06 9125888]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-04-30 278528]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-01 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
"CONNECTScheduler"="c:\program files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2006-03-23 75336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-09-07 303104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2009-9-28 91504]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2009-2-7 341480]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-26 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 06:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\D-Link\\AP Manager for DWL-2100AP\\APMGR7XXX.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
"c:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vivotek\\Installation Wizard\\InstallationWizard.exe"=
"c:\\Program Files\\Vivotek Inc\\Installation Wizard 2\\IW2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sega\\Universe At War Earth Assault\\UAWEA.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [13/04/06 6:01 PM 38784]
R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [07/02/09 9:59 PM 274920]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [07/02/09 10:00 PM 100840]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [07/02/09 9:59 PM 285160]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/08 9:32 AM 15328]
R0 sftxcnfg;sftxcnfg;c:\windows\system32\drivers\sftxcnfg.sys [13/04/06 6:10 PM 24324]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/12/08 5:15 PM 335240]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [07/02/09 9:59 PM 416232]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [07/02/09 9:59 PM 783848]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/12/08 5:15 PM 297752]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [28/09/09 2:38 PM 99704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/09 1:17 PM 1169232]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [25/08/09 12:16 PM 220128]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [27/04/09 6:09 PM 93960]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher;c:\program files\Vivotek\ST3402\Launcher_VV.exe [26/06/08 10:40 PM 335872]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [07/02/09 9:59 PM 121320]
S2 ST7501 Uranus Watch Dog;ST7501 Uranus Watch Dog;c:\program files\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe [29/10/08 12:01 PM 185728]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [19/04/06 2:45 AM 171264]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04/08/04 2:00 PM 14336]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [20/04/06 1:26 AM 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [20/04/06 1:26 AM 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [20/04/06 1:26 AM 65152]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [13/04/06 6:01 PM 116224]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [07/02/09 10:00 PM 276968]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [04/03/09 5:38 PM 26656]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [25/08/09 12:16 PM 32224]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [03/01/09 5:16 PM 39704]
S3 SoP1kUSB;Sony PEG Virtual Port;c:\windows\system32\drivers\SoP1kUSB.sys [15/04/07 8:42 PM 30051]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
*Deregistered* - udffsrec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-10-26 c:\windows\Tasks\Study Backup of C + D xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2009-08-28 11:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://gwweb.csir.co.za/
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 201.12.62.4:3128
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: {2FFC9652-0B80-4426-B319-720237D87B39} = 216.146.35.35,216.146.36.36
TCP: {3A83FD92-4FE1-464B-B3A9-1512AFEF35BF} = 216.146.35.35,216.146.36.36
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\
FF - prefs.js: browser.startup.homepage - hxxp://gwweb.csir.co.za/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-MobileConnect.EXE - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
HKLM-Run-IP surveillance - (no file)
HKLM-Run-ST7501 - (no file)
HKU-Default-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0xF73A9000 0x17900 bytes

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF73AF852 != 0xF77F4D60 sfsync02.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-113007714-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,bb,99,89,37,c9,8e,e9,cf,f4,33,c1,96,1e,a5,f5,3e,a6,be,13,c1,36,3b,
55,d8,84,ff,00,ed,5f,07,ac,59,98,bc,48,29,0f,c3,5f,f6,62,b1,b6,9e,42,bb,42,\
"??"=hex:f7,95,d6,f7,5c,85,f3,1b,bb,49,43,95,4e,c4,70,75

[HKEY_USERS\S-1-5-21-1202660629-113007714-1801674531-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="bU8+4wc/l2Aa2r6CP3t65392ewZjD0tEYrPO28r9wtAyP8pTcgaRjg=="
"PLCK"="CEXFpuENBKLQ/pjy8rBtWGgV5RpOfVtQ"
"Percents"="0 0.1719 0.3499 0.5354 0.73 0.8552 0.8612 "
"Increment"=".006452"
"PHSH"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Setup"="0209B03-CA4E-BF37-7CC2-0548"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3136)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NDAS\System\ndassvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\snmp.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-11-01 0:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 22:18

Pre-Run: 15,801,733,120 bytes free
Post-Run: 16,920,817,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 0EEC63E4231AB3FCBC4D52E24C269DD7
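The DNS and proxy entries the opening post refers to appear in the ComboFix "Supplementary Scan" section as one "TCP: {GUID} = ..." line per network interface and one "uInternet Settings,ProxyServer = ..." line. The script below is an added example for this thread (it is not ComboFix's code and not something any poster in the thread ran): it parses such lines and reports every resolver that is neither on the LAN nor on an allow-list, and every proxy that is not on an allow-list. The allow-list addresses (RFC 5737 documentation addresses) and the two extra interface lines in its sample input are hypothetical; the other sample lines are copied from the log above.

```python
"""Flag unexpected DNS resolvers and proxies in a ComboFix-style log.

Added example for this thread (not ComboFix's or BleepingComputer's code).
It parses the 'Supplementary Scan' lines ComboFix writes for each network
interface ('TCP: {GUID} = a.b.c.d,e.f.g.h') and for the Internet Explorer
proxy ('uInternet Settings,ProxyServer = host:port') and reports anything
that is not a LAN resolver or on the analyst's allow-list.
"""
import ipaddress
import re
from dataclasses import dataclass

DNS_RE = re.compile(r"^TCP:\s*\{([0-9A-Fa-f-]+)\}\s*=\s*(.+?)\s*$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+?)\s*$")

# Hypothetical ISP resolvers (RFC 5737 documentation addresses). In a real
# case, put the resolver addresses your ISP publishes here instead.
EXPECTED_RESOLVERS = frozenset({"203.0.113.53", "203.0.113.54"})

# Sample input. The first four lines are copied from the ComboFix log posted
# above; the last two are constructed: a home router handing itself out as
# the resolver, and an interface using the (hypothetical) ISP resolvers.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 201.12.62.4:3128
TCP: {2FFC9652-0B80-4426-B319-720237D87B39} = 216.146.35.35,216.146.36.36
TCP: {3A83FD92-4FE1-464B-B3A9-1512AFEF35BF} = 216.146.35.35,216.146.36.36
TCP: {11111111-2222-3333-4444-555555555555} = 192.168.1.1
TCP: {66666666-7777-8888-9999-AAAAAAAAAAAA} = 203.0.113.53,203.0.113.54
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns" or "proxy"
    where: str   # interface GUID, or "IE" for the browser proxy setting
    value: str
    reason: str


def is_local_resolver(ip: str) -> bool:
    """A resolver on the LAN (typically the router), loopback or link-local
    is the normal DHCP-assigned case and is not worth flagging."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def check_log(text: str, expected_resolvers=EXPECTED_RESOLVERS,
              expected_proxies=frozenset()) -> list:
    """Return a Finding for every resolver or proxy that is not expected."""
    findings = []
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if m:
            guid, servers = m.groups()
            for server in (s.strip() for s in servers.split(",") if s.strip()):
                try:
                    ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("dns", guid, server, "not an IP address"))
                    continue
                if server in expected_resolvers or is_local_resolver(server):
                    continue
                findings.append(Finding("dns", guid, server,
                                        "public resolver not in allow-list"))
            continue
        m = PROXY_RE.match(line)
        if m and m.group(1) not in expected_proxies:
            findings.append(Finding("proxy", "IE", m.group(1),
                                    "proxy server not in allow-list"))
    return findings


def report(findings) -> str:
    """Human-readable summary, one line per finding."""
    if not findings:
        return "no unexpected resolvers or proxies"
    return "\n".join(f"{f.kind:5} {f.where}: {f.value} ({f.reason})"
                     for f in findings)


if __name__ == "__main__":
    print(report(check_log(SAMPLE_LOG)))
```

On a live Windows XP host the same values sit in the registry under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID} (NameServer holds statically configured resolvers, DhcpNameServer the ones DHCP handed out) and under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer, so the same allow-list check can be repeated against the registry, or against "ipconfig /all" output, after the log-based triage. A static NameServer value that is populated while the GUI claims automatic assignment is exactly the condition worth looking for.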


#2 sempai (Malware Response Team)

Posted 08 November 2009 - 06:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp



#3 tkirkbri (Topic Starter)

Posted 10 November 2009 - 03:34 AM

Hi Sempai

Many thanks for the positive response to my request for help.

Please find attached txt files as requested.

tkirkbri



#4 schrauber (Malware Response Team)

Posted 11 November 2009 - 04:00 PM

Hello, tkirkbri
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 tkirkbri

tkirkbri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 12 November 2009 - 12:19 AM

Hi Tom

Thanks for your help.

I downloaded GMER version 1.0.15.15220 and ran the Scan.

When the scan completed \IAT and started \Device, the operating system crashed and rebooted automatically.

I then re-booted in SAFE MODE and ran GMER once more and the system again crashed (not sure at what stage).

I then booted in normal mode and ran GMER without the Devices checkbox enabled.

The following is the log.

Tony

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-12 07:04:40
Windows 5.1.2600 Service Pack 3
Running: g2gybrod.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\uwryqpob.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00F1BFC0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 00F1C560
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 00F1B230
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00F186C0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00F19920
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00F19B90
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00F1C230
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 00F19CA0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 00F1B340
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 00F1A3F0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 00F1AB80
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 00F1A830
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 00F1AFB0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 00F1C570
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 00F19E00
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 00F19F00
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 00F1A070
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00F1A150
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 00F1A000
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00F1C4C0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00F1C470
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F186C0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00F19920
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00F1B230
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00F19B90
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00F199A0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00F1A830
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00F1C170
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00F1C1B0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00F1C550
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00F1C030
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00F1B190
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00F1A150
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00F19B00
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F19E80
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F1CAD0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00F1AB80
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00F1AFF0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00F1B6B0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00F1B440
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00F1B630
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00F1BB10
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00F1B820
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00F19A70
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00F1A000
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00F1C290
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00F1B580
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00F1B130
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F1AFB0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00F1B340
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00F1C570
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00F1B380
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00F1C810
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00F1C7B0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00F1CA00
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00F1CAA0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00F1C8D0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{34C445BA-07EB-4b5d-8EE9-F66BB9DA403B}\InprocServer32@ C:\WINDOWS\system32\wpdmtpus.dll

---- EOF - GMER 1.0.15 ----
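The "User IAT/EAT" section of the GMER log above lists, per process, which imported functions have been redirected and to what address. GMER itself does not judge those lines; the analyst has to. As an added example that is not part of this thread or of GMER, the following Python script parses lines in that format, groups the hooks by process, and measures how tightly the hook targets cluster. A tight cluster (all targets inside one small address range, as in the DAP.EXE lines) is what a single module hooking the process produces, whether that module belongs to security software, to a product already on the machine (DAP.EXE appears in the Run key in the ComboFix log below), or to something unwanted; correlating the process with a known product is the next step, not something the script can decide. The sample log embedded in the script mixes a few lines copied from the post above with one constructed line for a hypothetical explorer.exe process; the watch-list of function names is my own choice, not a GMER feature.

```python
import re
from collections import defaultdict

# One GMER "User IAT/EAT" line has the shape:
#   IAT <process>[<pid>] @ <importing module> [<dll>!<function>] <hook address>
IAT_LINE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+"
    r"(?P<importer>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s*$"
)

# Imports whose redirection deserves a second look during a review.
# This watch-list is the author's own choice, not something GMER reports.
WATCHLIST = {
    "GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
    "LoadLibraryExW", "IsDebuggerPresent", "CreateProcessA", "CreateProcessW",
    "WriteProcessMemory", "CreateRemoteThread",
}

# Constructed sample: the DAP.EXE lines are copied from the GMER log in the
# thread; the explorer.exe line is invented for illustration only.
SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 00F1BFC0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00F186C0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00F19920
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F186C0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F1CAD0
IAT C:\Program Files\DAP\DAP.EXE[152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F1AFB0
IAT C:\WINDOWS\explorer.exe[1234] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 10001A20

---- Registry - GMER 1.0.15 ----
"""


def parse_iat_lines(text):
    """Return one dict per IAT/EAT line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = IAT_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["pid"] = int(e["pid"])
        e["addr"] = int(e["addr"], 16)
        entries.append(e)
    return entries


def summarize_hooks(entries):
    """Group hooks by (process, pid) and measure how tightly the targets cluster."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["process"], e["pid"])].append(e)
    summary = {}
    for key, hooks in groups.items():
        addrs = [h["addr"] for h in hooks]
        summary[key] = {
            "hooks": len(hooks),
            "functions": sorted({h["dll"] + "!" + h["func"] for h in hooks}),
            "importers": sorted({h["importer"] for h in hooks}),
            "addr_lo": min(addrs),
            "addr_hi": max(addrs),
            "span": max(addrs) - min(addrs),
        }
    return summary


def watchlist_hits(entries):
    """Distinct watch-listed function names that appear as hooked imports."""
    return sorted({e["func"] for e in entries if e["func"] in WATCHLIST})


def report(summary, hits):
    """Human-readable summary, one block per hooked process."""
    lines = []
    for (proc, pid), s in sorted(summary.items()):
        lines.append(
            f"{proc} [pid {pid}]: {s['hooks']} hooked imports "
            f"({len(s['functions'])} distinct) via {len(s['importers'])} importing module(s); "
            f"targets 0x{s['addr_lo']:08X}-0x{s['addr_hi']:08X} (span 0x{s['span']:X})"
        )
        # A span under 1 MiB means every target fits inside one module image.
        if s["span"] < 0x100000:
            lines.append("   all targets lie within 1 MiB: consistent with one module hooking the process")
    if hits:
        lines.append("watch-list functions hooked: " + ", ".join(hits))
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_iat_lines(SAMPLE_LOG)
    print(report(summarize_hooks(found), watchlist_hits(found)))
```

Run it against a saved gmer.log by replacing SAMPLE_LOG with the file's contents; the "span" figure is the quickest way to tell one injected module from scattered, unrelated hooks.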




#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:39 PM

Posted 12 November 2009 - 02:43 PM

Hi,


Please delete your copy of Combofix from your desktop.



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 tkirkbri

tkirkbri
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 13 November 2009 - 12:25 AM

Hi

Thanks for the help.

AVG 8.5 Resident shield disabled.

Schrauber ran OK, see log below...

ComboFix 09-11-13.04 - Tony 13/11/09 6:58.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.331 [GMT 2:00]
Running from: c:\documents and settings\Tony\Desktop\Schrauber.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-06 15:33 . 2009-11-06 15:33 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-06 15:33 . 2009-11-06 15:33 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-06 15:33 . 2009-11-06 15:33 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-06 15:33 . 2009-11-06 15:33 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-06 15:33 . 2009-11-06 15:33 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-06 15:33 . 2009-11-06 15:33 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-06 15:33 . 2009-11-06 15:33 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-06 15:33 . 2009-11-06 15:33 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-06 15:33 . 2009-11-06 15:33 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-06 15:32 . 2009-11-06 15:33 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-06 15:32 . 2009-11-06 15:32 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-06 15:32 . 2009-11-06 15:32 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-06 15:32 . 2009-11-06 15:32 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-06 15:32 . 2009-11-06 15:32 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-06 15:32 . 2009-11-06 15:32 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-06 06:31 . 2009-11-01 07:27 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-03 06:13 . 2009-11-01 07:27 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-02 18:28 . 2009-11-02 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 18:28 . 2009-11-02 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 17:39 . 2009-11-02 17:41 -------- d-----w- C:\rsit
2009-11-02 15:36 . 2009-11-02 15:36 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-02 15:36 . 2009-11-02 15:36 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-02 15:36 . 2009-11-02 15:36 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-02 15:35 . 2009-11-02 15:35 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-02 15:35 . 2009-11-02 15:35 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-02 15:34 . 2009-11-02 15:34 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-02 15:34 . 2009-11-02 15:34 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-02 15:34 . 2009-11-02 15:34 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-02 15:34 . 2009-11-02 15:34 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-02 15:34 . 2009-11-02 15:34 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-02 15:27 . 2009-11-02 15:31 152576 ----a-w- c:\documents and settings\Tony\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-11-02 14:33 . 2009-11-02 14:33 -------- d-----w- c:\program files\ERUNT
2009-11-01 19:14 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-11-01 19:14 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-11-01 17:15 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 17:15 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 13:47 . 2009-11-01 13:47 -------- d-----w- c:\program files\iPod
2009-11-01 13:47 . 2009-11-01 13:48 -------- d-----w- c:\program files\iTunes
2009-11-01 07:36 . 2009-11-01 07:37 -------- dc-h--w- c:\windows\ie8
2009-11-01 06:16 . 2009-11-01 06:16 3317784 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-10-31 09:53 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 15:28 . 2009-10-30 15:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 15:28 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-30 15:27 . 2009-10-30 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 15:27 . 2009-10-30 15:27 -------- d-----w- c:\program files\Lavasoft
2009-10-28 18:58 . 2009-10-28 18:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 18:55 . 2009-10-28 18:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-28 16:18 . 2009-10-28 16:18 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-10-28 16:18 . 2009-10-28 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 16:18 . 2009-11-03 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 16:15 . 2009-10-28 16:15 -------- d-----w- c:\program files\Trend Micro
2009-10-26 18:14 . 2009-10-26 18:14 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-10-26 16:04 . 2009-10-28 18:52 -------- d-----w- c:\documents and settings\Tony\Application Data\SASA
2009-10-17 08:16 . 2009-10-28 18:53 -------- d-----w- c:\program files\iPod(2)
2009-10-17 08:16 . 2009-10-28 18:53 -------- d-----w- c:\program files\iTunes(2)
2009-10-17 08:16 . 2009-10-17 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-16 16:57 . 2009-11-01 06:37 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-16 16:50 . 2009-10-28 18:54 -------- d-----w- c:\program files\SpeedBit Video Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 03:12 . 2009-01-06 07:26 -------- d-----w- c:\program files\SASA ADSL Stats Analyser
2009-11-12 15:11 . 2007-04-15 08:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-08 18:08 . 2008-02-10 07:44 -------- d-----w- c:\program files\FinePixViewer
2009-11-02 15:33 . 2009-02-07 06:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 15:28 . 2009-02-07 06:28 -------- d-----w- c:\program files\Java
2009-11-01 19:30 . 2008-02-24 09:38 -------- d-----w- c:\documents and settings\Tony\Application Data\Samsung
2009-11-01 19:30 . 2006-04-14 00:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 19:30 . 2008-02-24 09:34 -------- d-----w- c:\program files\Samsung
2009-11-01 13:47 . 2008-04-19 12:15 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 13:45 . 2007-12-21 11:29 -------- d-----w- c:\program files\QuickTime
2009-11-01 06:37 . 2008-12-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-01 06:14 . 2007-04-15 08:33 -------- d-----w- c:\program files\DAP
2009-10-28 18:51 . 2008-12-04 15:03 -------- d-----w- c:\program files\Billion 800VGT
2009-10-17 08:46 . 2008-04-19 12:19 -------- d-----w- c:\documents and settings\Tony\Application Data\Apple Computer
2009-10-17 07:58 . 2007-05-22 15:59 -------- d-----w- c:\program files\CompuTrainer 3D V3
2009-10-04 11:39 . 2008-12-05 14:10 -------- d-----w- c:\program files\DynDNS Updater
2009-10-04 11:39 . 2009-10-04 11:38 732120 ----a-w- c:\documents and settings\All Users\Application Data\DynDNS\Updater\setup.exe
2009-10-04 06:00 . 2009-10-04 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2009-10-04 05:58 . 2009-10-04 05:58 43646 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_D707CE1C009F1381803C2C.exe
2009-10-04 05:58 . 2009-10-04 05:58 43646 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_21F3885A18D238E15AAE81.exe
2009-10-04 05:58 . 2009-10-04 05:58 43646 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_18DF0C8771EFF587AF3F1B.exe
2009-10-04 05:58 . 2009-10-04 05:58 43646 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_09F0D93C7B981A8F6180E4.exe
2009-10-04 05:58 . 2009-10-04 05:58 29926 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_90B13D2EC287AF9618C766.exe
2009-10-04 05:58 . 2009-10-04 05:58 109534 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}\_6FEFF9B68218417F98F549.exe
2009-10-04 05:58 . 2009-10-04 05:58 -------- d-----w- c:\program files\Macrium
2009-09-28 15:00 . 2007-05-06 09:34 -------- d-----w- c:\program files\Common Files\Real
2009-09-28 14:59 . 2009-09-28 14:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-28 14:59 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-28 14:59 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-28 14:59 . 2007-05-06 09:34 -------- d-----w- c:\program files\Real
2009-09-23 16:18 . 2009-01-23 18:53 -------- d-----w- c:\documents and settings\Tony\Application Data\THQ
2009-09-23 15:42 . 2009-01-23 16:48 -------- d-----w- c:\program files\THQ
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:49 . 2006-04-16 01:22 64760 ----a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 15:17 . 2008-12-01 15:32 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-08-31 16:21 . 2009-08-31 16:20 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-08-29 08:08 . 2006-11-07 19:03 11069440 ----a-w- c:\windows\system32\ieframe(2).dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 10:16 . 2009-08-25 10:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2009-08-16 06:37 . 2008-12-17 15:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 06:37 . 2008-12-17 15:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 06:37 . 2008-12-17 15:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2006-04-13 16:02 . 2006-04-13 16:02 56 ----a-w- c:\program files\Common Files\appop.log
2004-10-01 22:00 . 2006-04-13 16:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2006-07-04 18:10 . 1602-07-12 21:55 1031 --sh--w- c:\windows\system\ws32ntfy.dat
2002-04-16 18:27 . 2002-04-16 18:27 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SASA ADSL Stats Analyser"="c:\program files\SASA ADSL Stats Analyser\sasa.exe" [2007-07-14 1288704]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"MobileConnect.EXE"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [BU]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-11-01 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-04-06 9125888]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-04-30 278528]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-02 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
"CONNECTScheduler"="c:\program files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2006-03-23 75336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-09-07 303104]
"IP surveillance"="" [BU]
"ST7501"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\program files\Skype\Phone\IEPlugin\unins000.exe" [BU]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2009-9-28 91504]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2009-2-7 341480]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-26 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 06:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\D-Link\\AP Manager for DWL-2100AP\\APMGR7XXX.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
"c:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vivotek\\Installation Wizard\\InstallationWizard.exe"=
"c:\\Program Files\\Vivotek Inc\\Installation Wizard 2\\IW2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sega\\Universe At War Earth Assault\\UAWEA.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [13/04/06 6:01 PM 38784]
R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [07/02/09 9:59 PM 274920]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [07/02/09 10:00 PM 100840]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [07/02/09 9:59 PM 285160]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/08 9:32 AM 15328]
R0 sftxcnfg;sftxcnfg;c:\windows\system32\drivers\sftxcnfg.sys [13/04/06 6:10 PM 24324]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/12/08 5:15 PM 335240]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [07/02/09 9:59 PM 416232]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [07/02/09 9:59 PM 783848]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/12/08 5:15 PM 297752]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [28/09/09 2:38 PM 99704]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/09 1:17 PM 1179232]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [25/08/09 12:16 PM 220128]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [27/04/09 6:09 PM 93960]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher;c:\program files\Vivotek\ST3402\Launcher_VV.exe [26/06/08 10:40 PM 335872]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [07/02/09 9:59 PM 121320]
S2 ST7501 Uranus Watch Dog;ST7501 Uranus Watch Dog;c:\program files\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe [29/10/08 12:01 PM 185728]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [19/04/06 2:45 AM 171264]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04/08/04 2:00 PM 14336]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [20/04/06 1:26 AM 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [20/04/06 1:26 AM 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [20/04/06 1:26 AM 65152]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [13/04/06 6:01 PM 116224]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [07/02/09 10:00 PM 276968]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [04/03/09 5:38 PM 26656]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [25/08/09 12:16 PM 32224]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [03/01/09 5:16 PM 39704]
S3 SoP1kUSB;Sony PEG Virtual Port;c:\windows\system32\drivers\SoP1kUSB.sys [15/04/07 8:42 PM 30051]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
*Deregistered* - udffsrec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 15:34]

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-11-09 c:\windows\Tasks\Study Backup of C + D xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2009-08-28 11:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://gwweb.csir.co.za/
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 201.12.62.4:3128
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: {2FFC9652-0B80-4426-B319-720237D87B39} = 216.146.35.35,216.146.36.36
TCP: {E9CAF181-684A-4619-A43F-98CD93EB0CAA} = 216.146.35.35,216.146.36.36
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\
FF - prefs.js: browser.startup.homepage - gwweb.csir.co.za
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\1v9jsqpx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-113007714-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,bb,99,89,37,c9,8e,e9,cf,f4,33,c1,96,1e,a5,f5,3e,a6,be,13,c1,36,3b,
55,d8,84,ff,00,ed,5f,07,ac,59,98,bc,48,29,0f,c3,5f,f6,62,b1,b6,9e,42,bb,42,\
"??"=hex:f7,95,d6,f7,5c,85,f3,1b,bb,49,43,95,4e,c4,70,75

[HKEY_USERS\S-1-5-21-1202660629-113007714-1801674531-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="bU8+4wc/l2Aa2r6CP3t65392ewZjD0tEYrPO28r9wtAyP8pTcgaRjg=="
"PLCK"="CEXFpuENBKLQ/pjy8rBtWGgV5RpOfVtQ"
"Percents"="0 0.1719 0.3499 0.5354 0.73 0.8552 0.8612 "
"Increment"=".006452"
"PHSH"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Setup"="EXPIRED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5672)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(5740)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-13 07:18
ComboFix-quarantined-files.txt 2009-11-13 05:17
ComboFix2.txt 2009-11-02 18:04
ComboFix3.txt 2009-11-01 22:18

Pre-Run: 15,922,810,880 bytes free
Post-Run: 15,957,123,072 bytes free

- - End Of File - - D0E74D2C13C096CE48869A0E6C0A1A22

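The ComboFix log above records each network interface's configured DNS servers as `TCP: {GUID} = a.b.c.d,e.f.g.h` and the Internet Explorer proxy as `uInternet Settings,ProxyServer = host:port`. Both are the settings a DNS- or proxy-changing infection rewrites, so they are the first things to compare against what the ISP and the user actually configured, and to re-check after every cleanup pass. The Python below is an added example, not code from this thread, from ComboFix or from the forum's helpers: it parses lines in that format, flags any DNS server that is neither on an allow-list nor a local (private/loopback) resolver, and flags a proxy that was not deliberately set. The sample log is constructed from the lines above plus one made-up interface pointing at a router address, to show an entry that should not be flagged; `198.51.100.53` (an RFC 5737 documentation address) is a placeholder for the ISP's real resolver.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the style of the "Supplementary Scan" part of the ComboFix
# log above. The DNS and proxy values are the ones that appear in the posted log;
# the third interface line is made up to show an entry that should NOT be flagged.
SAMPLE_LOG = """\
uStart Page = hxxp://gwweb.csir.co.za/
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 201.12.62.4:3128
LSP: c:\\progra~1\\SPEEDB~2\\sblsp.dll
TCP: {2FFC9652-0B80-4426-B319-720237D87B39} = 216.146.35.35,216.146.36.36
TCP: {E9CAF181-684A-4619-A43F-98CD93EB0CAA} = 216.146.35.35,216.146.36.36
TCP: {00000000-0000-0000-0000-000000000000} = 192.168.1.1
"""

# ComboFix prints each interface's NameServer value as "TCP: {GUID} = a.b.c.d,e.f.g.h".
DNS_LINE = re.compile(r"^TCP:\s*\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*=\s*(?P<servers>\S+)\s*$")
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns" or "proxy"
    where: str   # interface GUID for dns, "IE" for the proxy setting
    value: str
    reason: str


def is_local_resolver(ip: str) -> bool:
    """Private, loopback or link-local resolvers (a home router, for example) are not suspicious by themselves."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def audit(log_text: str, expected_dns: set, expected_proxy: Optional[str] = None) -> list:
    """Flag per-interface DNS servers outside the allow-list and any IE proxy that was not expected."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = DNS_LINE.match(line)
        if m:
            for server in m.group("servers").split(","):
                server = server.strip()
                if not server or server in expected_dns or is_local_resolver(server):
                    continue
                findings.append(Finding("dns", m.group("guid"), server,
                                        "DNS server not in the expected set and not a local resolver"))
            continue
        m = PROXY_LINE.match(line)
        if m and m.group("proxy") != expected_proxy:
            findings.append(Finding("proxy", "IE", m.group("proxy"),
                                    "proxy server configured but not expected"))
    return findings


def rogue_dns_servers(findings: list) -> set:
    """Distinct flagged DNS addresses across all interfaces: the list to block at the router and re-check after cleanup."""
    return {f.value for f in findings if f.kind == "dns"}


if __name__ == "__main__":
    # "198.51.100.53" is a placeholder (RFC 5737 documentation range) for the ISP's real resolver.
    results = audit(SAMPLE_LOG, expected_dns={"198.51.100.53"})
    for f in results:
        print(f"{f.kind:5} {f.where:38} {f.value:20} {f.reason}")
    print("rogue DNS:", sorted(rogue_dns_servers(results)))
```

On Windows the same per-interface values live in the registry under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}` as `NameServer` (statically set) and `DhcpNameServer` (learned from DHCP), so the check can be repeated directly against the registry after a cleanup and reboot. A `NameServer` value that reappears after being cleared means something on the machine, or on the router, is still writing it, which is the situation the poster describes further down.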
#8 schrauber

  • Malware Response Team
  • Location:Munich,Germany

Posted 13 November 2009 - 02:05 PM

Hi,

How is your system running?


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#9 tkirkbri

  • Topic Starter
  • Members

Posted 14 November 2009 - 06:54 AM

Hi

Problem still exists.

DNS keeps changing to 216.146.35.35,216.146.36.36

Logs below:


info.txt logfile of random's system information tool 1.06 2009-11-14 13:48:22

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
-->"C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archos MPG4 Translator V3.0.9-->C:\Program Files\Archos MP4SP\Uninstal.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9
Ashampoo WinOptimizer 4.41-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Billion 800VGT-->"C:\Documents and Settings\All Users\Application Data\{1F8B79A6-94D1-4747-BE61-0CBB5AF62621}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon PhotoRecord-->MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Setup Utility 2.0-->"C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Digital Photo Professional 1.6.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities EOS Capture 1.3-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CompuTrainer 3D ver.3-->"C:\Program Files\CompuTrainer 3D V3\unins000.exe"
CompuTrainer 3D ver.3-->"C:\Program Files\CompuTrainer 3D V3\unins001.exe"
CONNECT Player Language Pack-->MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}
CONNECT Player-->MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DD PlayCam-->C:\WINDOWS\unvise32.exe C:\Program Files\DD PlayCam\1.0\Thempty.log
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DJ ToneXpress 3.6.1-->C:\Program Files\DjToneXpress\Uninstall-361.exe
D-Link AirPlus Xtreme G AP Manager for DWL-2100AP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D86384B-8DBE-4A97-B493-216A96C15562}\Setup.exe"
Doom 3 ™ Demo-->C:\PROGRA~1\DOOM3D~1\UNWISE.EXE C:\PROGRA~1\DOOM3D~1\INSTALL.LOG
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.0.5 Be-->"C:\Program Files\DVDFab 5\unins000.exe"
DynDNS Updater-->C:\Program Files\DynDNS Updater\Uninstall.exe {6F492A4E-DE76-4719-B20B-15FE8E12BF58}
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Empire Earth III Public Demo-->C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
Ethereal 0.99.0-->"C:\Program Files\Ethereal\uninstall.exe"
Exact Audio Copy 0.99pb3-->C:\Program Files\Exact Audio Copy\uninst.exe
FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\UnInstall_14333.exe"
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Free Video Converter V 1.4-->"C:\Program Files\Free Video Converter\unins000.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Ghost Recon Advanced Warfighter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP-2001AV-->C:\Program Files\InstallShield Installation Information\{88B67363-CF44-45CB-8A2F-695532443CC7}\setup.exe -runfromtemp -l0x0009 -removeonly
IL-2 Sturmovik Series Ultimate Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51F24145-A833-4BD5-AA38-AFC5268928E5} /l1033
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Installation Wizard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2BCBD4E5-6086-4859-A39F-57A9512AE7E2}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® Network Connections 13.3.46.0-->MsiExec.exe /i{555D5F00-9CEE-4FE5-8C2A-5856A4DF94F4} ARPREMOVE=1
InterVideo MediaOne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll"
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Juiced-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{902C9C8F-BFC8-4A70-BCE5-F311D6D9CFFD}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 3.7.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Macrium Reflect-->MsiExec.exe /I{1012451C-BEE2-4BC1-A2EB-0858CB8F3CF7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.6.2-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X Photo Scenery Display Update-->MsiExec.exe /I{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
NDAS Software 3.43.2003-->MsiExec.exe /I{BC91133D-D42E-49FA-AEB1-A0E36721EEFB}
Need for Speed™ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Client-->MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Secure Module 4.3.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
Pastel Partner 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{522CB75A-6514-40FD-955B-1AAC88C8CF06}
Pastel Xpress 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E66ADBCC-A924-44FD-8F31-FB5AD42F9CA6}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Manual NW-A10003000-->MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
Pervasive.SQL V8 Workgroup (v8.6)-->MsiExec.exe /I{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PlayStation®Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Qtopia Desktop 1.7.1-->C:\Program Files\Trolltech\Qtopia Desktop\uninst.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Sage Accounts-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5A550F87-B414-11D6-B627-00E029396FF8}
Sage MIS 3.01-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Informer50\Uninst.isu"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung Samples Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly
SASA 0.17-->"C:\Program Files\SASA ADSL Stats Analyser\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SlingPlayer-->"C:\Program Files\InstallShield Installation Information\{3D08333C-C366-425D-8C2D-D05630D68A46}\setup.exe" -runfromtemp -l0x0809 -removeonly
SlingPlayer-->MsiExec.exe /X{3D08333C-C366-425D-8C2D-D05630D68A46}
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
Suunto Dive Manager 2.3.0-->"C:\Program Files\Suunto\Suunto Dive Manager 2 KK\unins000.exe"
Suunto Sports Instrument Drivers-->C:\WINDOWS\system32\suuntoun.exe C:\WINDOWS\system32\sntun2k.ini
The Godfather™ The Game-->C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
The Italian Job-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B58561BB-0425-458C-B9C4-44618814BA70}\setup.exe" -l0x9
TimeShift Demo-->C:\Program Files\InstallShield Installation Information\{C319F101-4221-4C5A-A9DE-36A6718F8215}\setup.exe -runfromtemp -l0x0009 -removeonly
TreeSize Free V2.2.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
Trek 310-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC09F4A-6AA6-4848-8959-A109BA079C5C}\Setup.exe" -l0x9
TrueSync Products-->C:\WINDOWS\TrueSync Setup\TSComponentInstall.exe RC:\Program Files\Starfish\TrueSync\tspuninst.log
Universe at War Earth Assault-->"C:\Program Files\InstallShield Installation Information\{D4658131-9D1A-4395-876D-968E38FE8ED5}\setup.exe" -runfromtemp -l0x0409 -removeonly
Universe at War Earth Assault-->MsiExec.exe /X{D4658131-9D1A-4395-876D-968E38FE8ED5}
Unreal Tournament 2003-->C:\UT2003\System\Setup.exe uninstall "UT2003"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Vivotek Installation Wizard 2-->"C:\Program Files\Vivotek Inc\Installation Wizard 2\uninstall.exe"
Vivotek ST3402-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{34BC92E4-6310-4EEB-887F-559EB1AA1479}
VIVOTEK ST7501-->"C:\Program Files\Vivotek Inc\ST7501\uninstall.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
Winroute-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Softex\winroute\Uninst.isu"

=====HijackThis Backups=====

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-10-28]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A83FD92-4FE1-464B-B3A9-1512AFEF35BF}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-03]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer = 216.146.35.35,216.146.36.36 [2009-11-03]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-11-03]

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: BLACKBOX
Event Code: 1006
Message: Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 000E0C76DB0B. The following error occurred
during configuration: The parameter is incorrect.
.

Record Number: 1253
Source Name: Dhcp
Time Written: 20091027204144.000000+120
Event Type: warning
User:

Computer Name: BLACKBOX
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E0C76DB0B. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1252
Source Name: Dhcp
Time Written: 20091027204134.000000+120
Event Type: warning
User:

Computer Name: BLACKBOX
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 1238
Source Name: W32Time
Time Written: 20091027203228.000000+120
Event Type: error
User:

Computer Name: BLACKBOX
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1237
Source Name: W32Time
Time Written: 20091027203228.000000+120
Event Type: error
User:

Computer Name: BLACKBOX
Event Code: 30013
Message: The DHCP allocator has disabled itself on IP address 10.0.0.102,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Record Number: 1234
Source Name: ipnathlp
Time Written: 20091027203219.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: BLACKBOX
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 22
Source Name: EvntAgnt
Time Written: 20091015120418.000000+120
Event Type: warning
User:

Computer Name: BLACKBOX
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 21
Source Name: EvntAgnt
Time Written: 20091015120418.000000+120
Event Type: warning
User:

Computer Name: BLACKBOX
Event Code: 1000
Message: Faulting application mshta.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18812, fault address 0x000c748b.

Record Number: 15
Source Name: Application Error
Time Written: 20091014204536.000000+120
Event Type: error
User:

Computer Name: BLACKBOX
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7
Source Name: EvntAgnt
Time Written: 20091014120410.000000+120
Event Type: warning
User:

Computer Name: BLACKBOX
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 6
Source Name: EvntAgnt
Time Written: 20091014120410.000000+120
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Windows Resource Kits\Tools;C:\PVSW\bin;C:\Program Files\Intel\DMIX;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc.jar;C:\Program Files\QuickTime\QTSystem\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"VSL"=C:\PVSW\bin
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tony at 2009-11-14 13:48:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 1022 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:19 PM, on 14/11/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\sttray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Tony\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gwweb.csir.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.12.62.4:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SASA ADSL Stats Analyser] C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://10.0.0.100/plugin/h263ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ST7501 Uranus Watch Dog - Unknown owner - C:\Program Files\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Vivotek ST3402 Launcher (Vivotek_ST3402) - Vivotek Inc. - C:\Program Files\Vivotek\ST3402\Launcher_VV.exe

--
End of file - 13329 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Study Backup of C + D xml.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-28 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-16 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-06 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-01 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-06 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-11-01 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-08-31 286720]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-09-07 303104]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-09 32768]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-06 9125888]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-04-30 278528]
"IP surveillance"= []
"ST7501"= []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-02 149280]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-28 198160]
"CONNECTScheduler"=C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe [2006-03-23 75336]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-26 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"SASA ADSL Stats Analyser"=C:\Program Files\SASA ADSL Stats Analyser\sasa.exe [2007-07-15 1288704]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"PowerBar"=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]
"MobileConnect.EXE"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE []
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-11-01 2803200]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"AVG Anti-Spyware Guard"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Documents and Settings\Tony\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-16 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoFileAssociate"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\D-Link\AP Manager for DWL-2100AP\APMGR7XXX.exe"="C:\Program Files\D-Link\AP Manager for DWL-2100AP\APMGR7XXX.exe:*:Enabled:APMGR7XXX"
"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WS_FTP Pro\wsftppro.exe"="C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW-standalone.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW-standalone.exe:*:Enabled:GRAW-standalone"
"C:\Program Files\Sierra Entertainment\Empire Earth III Public Demo\EE3.exe"="C:\Program Files\Sierra Entertainment\Empire Earth III Public Demo\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Vivotek\Installation Wizard\InstallationWizard.exe"="C:\Program Files\Vivotek\Installation Wizard\InstallationWizard.exe:*:Enabled:Installation Wizard"
"C:\Program Files\Vivotek Inc\Installation Wizard 2\IW2.exe"="C:\Program Files\Vivotek Inc\Installation Wizard 2\IW2.exe:*:Enabled:Installation Wizard 2"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe"="C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe"="C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe"="C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:*:Enabled:Universe at War Earth Assault"
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe"="C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-11-13 07:19:03 ----A---- C:\ComboFix.txt
2009-11-13 06:56:10 ----D---- C:\Schrauber
2009-11-02 20:28:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-02 20:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 20:04:04 ----A---- C:\log.txt
2009-11-02 19:39:57 ----D---- C:\rsit
2009-11-02 17:33:22 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-02 17:33:22 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-02 17:33:22 ----A---- C:\WINDOWS\system32\java.exe
2009-11-02 16:33:08 ----D---- C:\Program Files\ERUNT
2009-11-01 21:36:07 ----A---- C:\Boot.bak
2009-11-01 21:35:56 ----RASHD---- C:\cmdcons
2009-11-01 21:34:03 ----A---- C:\WINDOWS\zip.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\SWSC.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\SWREG.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\sed.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\PEV.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\MBR.exe
2009-11-01 21:34:03 ----A---- C:\WINDOWS\grep.exe
2009-11-01 21:33:51 ----D---- C:\WINDOWS\ERDNT
2009-11-01 15:53:03 ----D---- C:\Qoobox
2009-11-01 15:47:38 ----D---- C:\Program Files\iPod
2009-11-01 15:47:28 ----D---- C:\Program Files\iTunes
2009-11-01 09:37:52 ----A---- C:\WINDOWS\imsins.BAK
2009-11-01 09:36:27 ----HDC---- C:\WINDOWS\ie8
2009-10-31 11:53:44 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-30 17:28:01 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 17:27:33 ----D---- C:\Program Files\Lavasoft
2009-10-30 17:27:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-30 16:31:50 ----SHD---- C:\WINDOWS\CSC
2009-10-30 16:19:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-28 18:18:38 ----D---- C:\Documents and Settings\Tony\Application Data\Malwarebytes
2009-10-28 18:18:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-28 18:18:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 18:15:22 ----D---- C:\Program Files\Trend Micro
2009-10-26 20:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-26 20:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-26 20:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-26 20:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-26 20:02:43 ----DC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-26 20:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-26 20:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-26 20:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-26 20:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-26 20:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-26 18:04:16 ----D---- C:\Documents and Settings\Tony\Application Data\SASA
2009-10-17 10:16:39 ----D---- C:\Program Files\iPod(2)
2009-10-17 10:16:35 ----D---- C:\Program Files\iTunes(2)
2009-10-17 10:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-16 18:57:19 ----D---- C:\Program Files\SpeedBit Video Accelerator
2009-10-16 18:50:20 ----D---- C:\Program Files\SpeedBit Video Downloader

======List of files/folders modified in the last 1 months======

2009-11-14 13:45:14 ----D---- C:\WINDOWS\Prefetch
2009-11-14 13:38:23 ----D---- C:\WINDOWS\system32
2009-11-14 13:38:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-14 13:37:58 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-14 13:36:54 ----SD---- C:\WINDOWS\Tasks
2009-11-14 13:36:06 ----D---- C:\Program Files\Mozilla Firefox
2009-11-14 13:34:46 ----D---- C:\WINDOWS\Temp
2009-11-14 13:34:44 ----D---- C:\Program Files\SASA ADSL Stats Analyser
2009-11-14 13:34:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-14 13:34:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-14 13:34:27 ----D---- C:\WINDOWS
2009-11-13 21:28:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-13 11:20:34 ----D---- C:\WINDOWS\system32\drivers
2009-11-13 11:20:32 ----HD---- C:\WINDOWS\inf
2009-11-13 07:14:33 ----A---- C:\WINDOWS\system.ini
2009-11-13 07:09:33 ----D---- C:\WINDOWS\AppPatch
2009-11-13 07:09:31 ----D---- C:\Program Files\Common Files
2009-11-12 12:24:13 ----D---- C:\$AVG8.VAULT$
2009-11-12 07:07:20 ----D---- C:\WINDOWS\Minidump
2009-11-08 20:08:48 ----D---- C:\Program Files\FinePixViewer
2009-11-04 13:32:27 ----D---- C:\WINDOWS\system32\config
2009-11-02 22:09:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-02 22:09:21 ----RSD---- C:\WINDOWS\assembly
2009-11-02 21:25:03 ----D---- C:\WINDOWS\network diagnostic
2009-11-02 20:28:52 ----RD---- C:\Program Files
2009-11-02 17:33:27 ----D---- C:\Config.Msi
2009-11-02 17:33:12 ----SHD---- C:\WINDOWS\Installer
2009-11-02 17:33:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-02 17:28:01 ----D---- C:\Program Files\Java
2009-11-02 12:02:14 ----D---- C:\WINDOWS\repair
2009-11-02 12:00:33 ----D---- C:\WINDOWS\Registration
2009-11-01 21:36:07 ----RASH---- C:\boot.ini
2009-11-01 21:30:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-01 21:30:46 ----D---- C:\Documents and Settings\Tony\Application Data\Samsung
2009-11-01 21:30:38 ----D---- C:\Program Files\Samsung
2009-11-01 21:21:20 ----D---- C:\WINDOWS\WinSxS
2009-11-01 21:18:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-01 15:48:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-01 15:47:36 ----D---- C:\Program Files\Common Files\Apple
2009-11-01 15:45:07 ----D---- C:\Program Files\QuickTime
2009-11-01 09:39:20 ----D---- C:\WINDOWS\system32\en-US
2009-11-01 09:39:19 ----D---- C:\WINDOWS\Media
2009-11-01 09:39:19 ----D---- C:\WINDOWS\Help
2009-11-01 09:39:19 ----D---- C:\Program Files\Internet Explorer
2009-11-01 09:26:48 ----D---- C:\WINDOWS\Debug
2009-11-01 09:23:12 ----D---- C:\WINDOWS\ie8updates
2009-11-01 08:37:50 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2009-11-01 08:14:16 ----D---- C:\Program Files\DAP
2009-11-01 08:02:24 ----D---- C:\WINDOWS\system32\nls
2009-11-01 08:02:24 ----D---- C:\WINDOWS\system
2009-10-31 17:21:06 ----D---- C:\WinXP_Installation_Disk
2009-10-30 16:15:22 ----A---- C:\WINDOWS\win.ini
2009-10-28 21:02:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-28 20:55:02 ----D---- C:\WINDOWS\system32\wbem
2009-10-28 20:51:12 ----D---- C:\Program Files\Billion 800VGT
2009-10-28 20:50:07 ----D---- C:\WINDOWS\system32\Restore
2009-10-26 20:08:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-17 10:46:18 ----D---- C:\Documents and Settings\Tony\Application Data\Apple Computer
2009-10-17 09:58:45 ----D---- C:\Program Files\CompuTrainer 3D V3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-16 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-16 27784]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-09 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ndasfat;NDAS FAT File System Service; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [2009-02-07 416232]
R1 ndasrofs;NDAS ROFS File System Service; C:\WINDOWS\system32\DRIVERS\ndasrofs.sys [2009-02-07 783848]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2008-08-20 171152]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-12-26 10752]
R3 ndasbus;NDAS Bus Driver; C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2009-02-07 121320]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-13 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-09 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 SMBios;Intel ® System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2004-05-12 36484]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2005-03-15 21248]
R3 snpstd2;Trek 310; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2005-05-24 392448]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-07 1178088]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-09 99584]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 Camdrv30;Philips ToUcam XS; C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 catchme;catchme; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FTDIBUS;Suunto USB Serial Drivers; C:\WINDOWS\system32\drivers\sntbus.sys [2004-04-20 24209]
S3 FTSER2K;Suunto USB Serial Port Driver; C:\WINDOWS\system32\drivers\sntser2k.sys [2004-04-20 57404]
S3 GTF32BUS;GT F32 BUS; C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2006-09-01 32640]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-09-01 8064]
S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-09-01 19328]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-09-11 88960]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-09-11 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2006-09-01 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2006-09-01 65152]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-13 116224]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2009-02-07 276968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCND532.sys [2007-12-14 26656]
S3 PSMounter;Macrium Reflect Image Explorer Service; \??\C:\WINDOWS\system32\drivers\psmounter.sys []
S3 RemoteControl-USBLAN;RemoteControl-USBLAN; C:\WINDOWS\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SoP1kUSB;Sony PEG Virtual Port; C:\WINDOWS\System32\Drivers\SoP1kUSB.sys [2000-06-07 30051]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TSClient;Tatara Protocol Driver; C:\WINDOWS\system32\drivers\tsclient.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DynDNS Updater;DynDNS Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [2009-09-28 99704]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-09 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-02 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-02 1179232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2009-02-07 411112]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2009-08-25 220128]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-04-27 93960]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-09-07 86016]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe [2009-11-01 300656]
R2 Vivotek_ST3402;Vivotek ST3402 Launcher; C:\Program Files\Vivotek\ST3402\Launcher_VV.exe [2008-06-26 335872]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2004-12-20 5248]
S2 ST7501 Uranus Watch Dog;ST7501 Uranus Watch Dog; C:\Program Files\Vivotek Inc\ST7501\Server\ST7501_UranusWatchDog.exe [2008-10-29 185728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2006-04-11 79432]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   37.85KB   1 downloads
  • Attached File  log.txt   45.17KB   12 downloads
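An added example, not part of the thread or of the scanning tool's own code: a small parser for the RSIT-style driver/service listing above, built from the legend in the log header (R=Running, S=Stopped; 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) and the fixed line layout `<code> <name>;<description>; <path> [<date size>]`. It flags the entries an analyst would want to open first: those whose bracket is empty (the tool recorded no file date/size) and those whose binary sits in a Temp directory. The sample lines are copied from the listing; the Temp-path marker and the triage rules are this example's own heuristics, and a flag is a prompt to inspect the file, not a verdict (a legitimate scanner driver dropped in Temp will trip it too).

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed sample: lines copied from the RSIT-style driver listing posted
# above. The header legend gives the leading code: R=Running, S=Stopped and
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-16 335240]
R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# One entry is "<R|S><0-4> <name>;<description>; <path> [<date size>]".
# The bracket is empty when the tool recorded no date/size for the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
NT_PREFIX = "\\??\\"  # object-manager path form some image paths are written in
TEMP_MARKER = "\\temp\\"  # heuristic: a driver image under any Temp directory


@dataclass
class Entry:
    state: str        # 'R' running or 'S' stopped
    start: int        # 0 boot .. 4 disabled (see START_TYPES)
    name: str
    description: str
    path: str         # image path with any leading \??\ removed
    file_info: str    # "date size", or "" when nothing was recorded


def parse_entries(text: str) -> List[Entry]:
    """Parse every driver/service line; header, legend and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        if path.startswith(NT_PREFIX):
            path = path[len(NT_PREFIX):]
        entries.append(Entry(
            state=m.group("state"),
            start=int(m.group("start")),
            name=m.group("name").strip(),
            description=m.group("desc").strip(),
            path=path,
            file_info=m.group("info").strip(),
        ))
    return entries


def review(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) why this entry deserves a manual look."""
    reasons: List[str] = []
    if not entry.file_info:
        reasons.append("no file date/size recorded for the image")
    if TEMP_MARKER in entry.path.lower():
        reasons.append("image lives in a temporary directory")
    return reasons


def triage(text: str) -> List[Dict[str, Any]]:
    """Parse a listing and return only the flagged entries, in log order."""
    findings: List[Dict[str, Any]] = []
    for e in parse_entries(text):
        reasons = review(e)
        if reasons:
            findings.append({
                "name": e.name,
                "running": e.state == "R",
                "start_type": START_TYPES[e.start],
                "path": e.path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        status = "running" if f["running"] else "stopped"
        print(f"{f['name']:<10} {status:<8} {f['start_type']:<9} {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Running it prints four flagged entries from the sample; a running entry with no recorded file info is the one to check first (does the file exist on disk, who signed it), while stopped Demand-start drivers are lower priority. The helper on a thread like this one decides per entry, which is why the output lists reasons rather than labels.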


#10 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 14 November 2009 - 09:17 AM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 tkirkbri

  • Topic Starter
  • Members
  • 8 posts

Posted 15 November 2009 - 02:13 AM

Hi Schrauber

Quick scan below. I've attached the full scan.

Malwarebytes' Anti-Malware 1.41
Database version: 3173
Windows 5.1.2600 Service Pack 3

15/11/09 7:56:34 AM
mbam-log-2009-11-15 (07-56-34).txt

Scan type: Quick Scan
Objects scanned: 158606
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#12 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 15 November 2009 - 09:37 AM

Hi,

Step 1

Please download Rooter.exe and save to your desktop.
alternate download link
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.




Step 2

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
regards,
schrauber


#13 tkirkbri

tkirkbri
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 15 November 2009 - 01:39 PM

Hi Schrauber

There were some %temp% files that could not be deleted, see bmp attached.

STEP 1 LOG

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18372
Mozilla Firefox 3.5.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:14 Go )
D:\ [Fixed-NTFS] .. ( Total:279 Go - Free:223 Go )
E:\ [CD_Rom]
.
Scan : 20:33.20
Path : C:\Documents and Settings\Tony\Desktop\Rooter.exe
User : Tony ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1104)
______ \??\C:\WINDOWS\system32\csrss.exe (1164)
______ \??\C:\WINDOWS\system32\winlogon.exe (1188)
______ C:\WINDOWS\system32\services.exe (1232)
______ C:\WINDOWS\system32\lsass.exe (1252)
______ C:\WINDOWS\system32\svchost.exe (1424)
______ C:\WINDOWS\system32\svchost.exe (1492)
______ C:\WINDOWS\System32\svchost.exe (1640)
______ C:\Program Files\Ahead\InCD\InCDsrv.exe (1660)
______ C:\WINDOWS\system32\svchost.exe (1732)
______ C:\WINDOWS\system32\svchost.exe (1804)
______ C:\WINDOWS\system32\svchost.exe (1932)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (188)
______ C:\WINDOWS\system32\spoolsv.exe (340)
______ C:\WINDOWS\system32\svchost.exe (536)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (656)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (688)
______ C:\Program Files\Bonjour\mDNSResponder.exe (732)
______ C:\WINDOWS\System32\svchost.exe (808)
______ C:\WINDOWS\system32\inetsrv\inetinfo.exe (844)
______ C:\Program Files\Java\jre6\bin\jqs.exe (980)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (600)
______ C:\Program Files\NDAS\System\ndassvc.exe (1052)
______ C:\WINDOWS\system32\nvsvc32.exe (1256)
______ C:\Program Files\Macrium\Reflect\ReflectService.exe (1576)
______ C:\WINDOWS\system32\tcpsvcs.exe (1800)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (432)
______ C:\WINDOWS\Explorer.EXE (916)
______ C:\WINDOWS\vsnpstd2.exe (2112)
______ C:\WINDOWS\sttray.exe (2124)
______ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (2136)
______ C:\WINDOWS\system32\RUNDLL32.EXE (2196)
______ C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (2212)
______ C:\Program Files\AGEIA Technologies\TrayIcon.exe (2220)
______ C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (2252)
______ C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe (2264)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2276)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2300)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2320)
______ C:\WINDOWS\System32\snmp.exe (2344)
______ C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe (2396)
______ C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe (2472)
______ C:\Program Files\iTunes\iTunesHelper.exe (2536)
______ C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (2668)
______ C:\Program Files\SASA ADSL Stats Analyser\sasa.exe (2708)
______ C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (2760)
______ C:\Program Files\Windows Media Player\WMPNSCFG.exe (2792)
______ C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (2840)
______ C:\Program Files\DAP\DAP.EXE (2904)
______ C:\WINDOWS\system32\ctfmon.exe (2916)
______ C:\Program Files\DynDNS Updater\DynTray.exe (2944)
______ C:\Program Files\NDAS\System\ndasmgmt.exe (2988)
______ C:\WINDOWS\system32\svchost.exe (3000)
______ C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe (3036)
______ C:\Program Files\Vivotek\ST3402\Launcher_VV.exe (3068)
______ C:\Program Files\Microsoft Office\Office\OSA.EXE (3076)
______ C:\Program Files\DynDNS Updater\DynUpSvc.exe (3144)
______ C:\Program Files\Windows Media Player\WMPNetwk.exe (3328)
______ C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe (3452)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (2700)
______ C:\WINDOWS\system32\wscntfy.exe (2976)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3024)
______ C:\WINDOWS\System32\alg.exe (3752)
______ C:\Program Files\iPod\bin\iPodService.exe (4060)
______ C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (2984)
______ C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (2752)
______ C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (932)
______ C:\WINDOWS\system32\wuauclt.exe (4768)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (5516)
______ C:\Program Files\Mozilla Firefox\firefox.exe (224)
______ C:\Documents and Settings\Tony\Desktop\Rooter.exe (4348)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80015491584)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Study Backup of C + D xml.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:33.34
.
C:\Rooter$\Rooter_1.txt - (15/11/2009 | 20:33.34)



STEP 2 LOG

SmitFraudFix v2.424

Scan done at 20:35:47.41, 15/11/09
Run from C:\Documents and Settings\Tony\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\sttray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SASA ADSL Stats Analyser\sasa.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Vivotek\ST3402\Launcher_VV.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tony


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tony\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tony\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tony\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/1000 MT Desktop Adapter - Packet Scheduler Miniport
DNS Server Search Order: 216.146.35.35
DNS Server Search Order: 216.146.36.36

Description: Intel® PRO/1000 MT Desktop Adapter - Packet Scheduler Miniport
DNS Server Search Order: 216.146.35.35
DNS Server Search Order: 216.146.36.36

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A83FD92-4FE1-464B-B3A9-1512AFEF35BF}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3A83FD92-4FE1-464B-B3A9-1512AFEF35BF}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3A83FD92-4FE1-464B-B3A9-1512AFEF35BF}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
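The "DNS" section of the SmitfraudFix report above is the most useful part of this log for the symptom described in the opening post: DhcpNameServer is what the DHCP server handed the adapter (10.0.0.2), while NameServer is a static override, and a NameServer value that differs from the lease is exactly why the GUI can say "Obtain DNS server addresses automatically" while lookups go elsewhere. The script below is an added example by the editor, not code from the thread, from SmitfraudFix or from any tool named here. It parses lines in the format shown in the log (the sample is constructed from the values in this report) and flags every interface, in every control set, whose static NameServer does not match its DHCP lease. The TRUSTED_RESOLVERS allowlist is an assumption (the LAN resolver seen in the log).

```python
import re

# Constructed sample input: interface lines from the SmitfraudFix "DNS"
# section in the log above, reproduced in the same format and with the same
# values. Any report in this shape can be fed in instead.
SAMPLE_DNS_SECTION = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A83FD92-4FE1-464B-B3A9-1512AFEF35BF}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9CAF181-684A-4619-A43F-98CD93EB0CAA}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FFC9652-0B80-4426-B319-720237D87B39}: NameServer=216.146.35.35,216.146.36.36
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
"""

# Assumed allowlist: the resolver the DHCP server on this LAN hands out.
TRUSTED_RESOLVERS = ("10.0.0.2",)

# One report line: control set, then either an interface GUID or the global
# Parameters key, then DhcpNameServer=... or NameServer=...
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>[A-Z0-9]+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<iface>[0-9A-Fa-f-]+)\}|Parameters): "
    r"(?P<key>DhcpNameServer|NameServer)=(?P<val>.*)$"
)


def parse_dns_section(text):
    """Return {(control_set, interface_guid_or_'Parameters'): {key: [ips]}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        iface = m.group("iface") or "Parameters"
        rec = entries.setdefault((m.group("cs"), iface), {})
        # NameServer is stored as a comma- or space-separated list.
        rec[m.group("key")] = [ip for ip in re.split(r"[,\s]+", m.group("val")) if ip]
    return entries


def find_overrides(entries, trusted=TRUSTED_RESOLVERS):
    """Flag interfaces where a static NameServer value is present and does not
    match what DHCP supplied: the GUI says 'obtain automatically' but lookups
    go to the static list. Also lists which static IPs are not on the allowlist."""
    findings = []
    for (cs, iface), rec in sorted(entries.items()):
        static = rec.get("NameServer")
        if not static:
            continue            # DHCP-only interface: nothing overrides the lease
        dhcp = rec.get("DhcpNameServer", [])
        if static == dhcp:
            continue            # static list merely mirrors the lease
        findings.append({
            "control_set": cs,
            "interface": iface,
            "static": static,
            "dhcp": dhcp,
            "untrusted": [ip for ip in static if ip not in trusted],
        })
    return findings


def static_resolvers(entries):
    """Sorted set of every IP that appears in any static NameServer value."""
    return sorted({ip for rec in entries.values() for ip in rec.get("NameServer", [])})


if __name__ == "__main__":
    parsed = parse_dns_section(SAMPLE_DNS_SECTION)
    for f in find_overrides(parsed):
        print(f"{f['control_set']} {f['interface']}: static {','.join(f['static'])} "
              f"overrides DHCP {','.join(f['dhcp']) or '(none)'}; "
              f"not on allowlist: {','.join(f['untrusted']) or 'none'}")
    print("static resolvers seen:", ", ".join(static_resolvers(parsed)))
```

A hit from this check identifies the interface and the override, not what wrote it; in this thread the writer turned out to be the DynDNS Updater rather than malware, so the flagged value is the starting point for attribution (which process or service sets the NameServer value) rather than proof of infection. On a live machine the same values live under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}, and checking the backup control sets as the report does shows whether the override survives a "Last Known Good" boot.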

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:39 PM

Posted 16 November 2009 - 03:14 PM

Do you need the program DynDNSUpdater?
regards,
schrauber


#15 tkirkbri

tkirkbri
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 17 November 2009 - 12:03 AM

Schrauber (You're a STAR)

Yes. DynDNSUpdater resolves my dynamic Telkom Broadband IP address to

xxxxxx.dyndns.tv

so that I can monitor my security camera using a trusted source (even when I reboot my modem)

http://www.dyndns.com/

Please see result of WHOIS attached!!!!!!

It is now very clear that DYNDNS is the source of the 'DNS Changer virus'.

There is no problem with the 216.146.35.35;216.146.36.36 as long as I haven't reached my international bandwidth cap (5Gb). However, once this is reached I have 30Gb local BUT cannot use it since the DNS changes to 216.146.35.35,216.146.36.36 (ie International). Hence, I can't use any local bandwidth. Any suggestions to work around this problem?

Thanks for your help. Any closing comments!!!!!!!

Tony



