
Infected with Worm:Win32/Emold.U


8 replies to this topic

#1 a-non-y-moose

Posted 21 December 2009 - 12:19 PM

My desktop changed and it had a warning saying I have been infected. Also, I couldn't start Task Manager. One or several popups started telling me to download removal tools. I did not trust these and didn't download anything. I updated my Windows Defender and ran scans. It did detect and remove different stuff with name variations of the one above. Still my desktop had the warning and I couldn't change the desktop image. I installed Microsoft Security Essentials and ran it. Again it detected and removed the same virus mentioned above but the desktop remained the same.

I searched online for what to do if I can't change the desktop and start Task Manager. Online I found instructions on how to go into Regedit and delete in Policy so I can now change the desktop picture and start Task Manager.

But I still get popup windows with ads. I get these in Chrome and in Explorer. The problem originally started when I was browsing in Chrome.

My ISP provides a free anti-virus program so I downloaded that and ran it. My ISP is cbeyond and the anti-virus program is called F-Secure. After running all scans several times the problem still persists. Popups keep coming. Just a minute ago I was prompted to fill in an online survey for BleepingComputer. It looked legit so I filled it out in an effort to give something back to this site that I hope will help me solve this. After I filled it out it offered me some products and I realized it was the virus again.

It seems the anti-virus program is not able to remove this. Today an application called WilaWape.dll tried to access the internet. I denied access to the internet since I am not aware of any program on my computer with that name.

When I read the log of the anti-virus software it states that it did find a riskware named: PSWTool.Win32.SnadBoy.2011. This keeps coming back after each scan.

When I reboot the computer it tells me it couldn't find program Logon.exe. I think that was installed by the virus but it looks like the anti-virus software removed it but it still tries to start after each reboot.

I have Windows XP Professional, Version 2002, Service Pack 3.

Thank you for assisting me.

-----
CONTENT OF DDS.TXT


DDS (Ver_09-12-01.01) - NTFSx86
Run by rjesus at 11:57:46.29 on Mon 12/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1949 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Cbeyond Secure Desktop 8.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Cbeyond Secure Desktop 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ESHA\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FAMEH32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsqh.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe
C:\Program Files\Cbeyond Secure Desktop\FWES\Program\fsdfwd.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Plaxo\3.23.0.11\plx_link.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\FSGK32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ddfoodsolutions.com/portal.htm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=Userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.23.0.11\PlaxoHelper_en.exe -a
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PlaxoSysTray] c:\program files\plaxo\3.23.0.11\PlaxoSysTray.exe
uRun: [Google Update] "c:\documents and settings\rjesus.dutch\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOMERunner.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [F-Secure Manager] "c:\program files\cbeyond secure desktop\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\cbeyond secure desktop\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [rotuhovup] Rundll32.exe "c:\windows\system32\darususi.dll",a
StartupFolder: c:\docume~1\rjesus~1.dut\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\cbeyond secure desktop\fsps\program\FSLSP.DLL
Trusted Zone: wachovia.com
Trusted Zone: wachovia.com\commercial
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2006/sienna/key_features/ext360.html?noreloadredir
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129893904646
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
DPF: {AB828640-9B09-4752-9C41-070FCAF537F3} - hxxp://10.10.10.55/DVRRemote.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://209.42.43.170:9090/WebDvr3.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://blr.webex.com/client/T23L/sales/ieatgpc.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
TCP: {A74347F4-7135-48EC-8940-CB2782DF1E1D} = 10.10.10.20
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: tarowata.dll c:\windows\system32\nisawoyi.dll c:\windows\system32\lafegana.dll c:\windows\system32\darususi.dll c:\windows\system32\luwapeta.dll c:\windows\system32\dineyata.dll c:\windows\system32\tasusape.dll c:\windows\system32\lomewura.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: juferonek - {53bfb412-22d7-4c8c-9ec8-6c62d92f3605} - c:\windows\system32\lafegana.dll
STS: kupuhivus: {53bfb412-22d7-4c8c-9ec8-6c62d92f3605} - c:\windows\system32\lomewura.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli zugibiru.dll
Hosts: 10.10.10.20 s_dutch.dutch.local
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rjesus~1.dut\applic~1\mozilla\firefox\profiles\al8lkr3f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ddfoodsolutions.com/portal.htm
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-12-18 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-12-18 80032]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\cbeyond secure desktop\hips\drivers\fshs.sys [2009-12-18 67808]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\cbeyond secure desktop\anti-virus\fsgk32st.exe [2009-12-18 215648]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-11-5 10384]
R2 MSSQL$ESHA;MSSQL$ESHA;c:\program files\microsoft sql server\mssql$esha\binn\sqlservr.exe [2005-5-4 9158656]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Service.exe [2008-10-7 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2009-8-27 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cbeyond secure desktop\anti-virus\minifilter\fsgk.sys [2009-12-18 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\cbeyond secure desktop\orsp client\fsorsp.exe [2009-12-18 55904]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 SQLAgent$ESHA;SQLAgent$ESHA;c:\program files\microsoft sql server\mssql$esha\binn\sqlagent.EXE [2005-5-3 323584]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\cbeyond secure desktop\anti-virus\win2k\fsfilter.sys [2009-12-18 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\cbeyond secure desktop\anti-virus\win2k\fsrec.sys [2009-12-18 25184]
S4 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]

=============== Created Last 30 ================

2009-12-18 18:42:03 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-12-18 18:29:41 639 ----a-w- c:\windows\event_5.xml
2009-12-18 18:07:57 683 ----a-w- c:\windows\event_2.xml
2009-12-18 18:07:56 602 ----a-w- c:\windows\event_1.xml
2009-12-18 18:02:39 0 d-----w- c:\docume~1\rjesus~1.dut\applic~1\F-Secure
2009-12-18 17:34:23 80032 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-12-18 17:34:23 36736 ----a-w- c:\windows\system32\drivers\fsndis5.sys
2009-12-18 17:33:46 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-18 17:32:18 0 d-----w- c:\program files\Cbeyond Secure Desktop
2009-12-18 17:31:47 0 d-----w- c:\docume~1\alluse~1\applic~1\fssg
2009-12-18 14:35:22 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-17 23:18:54 0 d-----w- c:\docume~1\rjesus~1.dut\applic~1\AVG8
2009-12-17 22:48:50 0 ----a-w- c:\windows\system32\41.exe
2009-12-17 22:48:19 2854 ----a-w- c:\windows\system32\critical_warning.html

==================== Find3M ====================

2009-11-05 16:18:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-11-05 16:18:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-11-05 16:18:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-11-05 16:18:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-27 16:04:55 256 ----a-w- c:\documents and settings\rjesus.dutch\pool.bin
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-20 10:54:33 39424 --sha-w- c:\windows\system32\bepafajo.dll
2009-09-20 22:54:47 38400 --sha-w- c:\windows\system32\bihidilo.dll
2009-09-19 10:53:58 92160 --sha-w- c:\windows\system32\darususi.dll
2009-09-20 10:54:33 92672 --sha-w- c:\windows\system32\dineyata.dll
2009-09-21 10:55:06 38912 --sha-w- c:\windows\system32\fewagohu.dll
2009-09-18 10:53:23 52224 --sha-w- c:\windows\system32\fureyeva.dll
2009-09-18 10:53:19 52224 --sha-w- c:\windows\system32\hebowugi.dll
2009-09-18 22:53:37 92672 --sha-w- c:\windows\system32\lafegana.dll
2009-09-21 10:55:06 92672 --sha-w- c:\windows\system32\lomewura.dll
2009-09-19 22:54:09 91648 --sha-w- c:\windows\system32\luwapeta.dll
2009-09-18 10:53:19 91648 --sha-w- c:\windows\system32\nisawoyi.dll
2009-09-17 22:53:07 38912 --sha-w- c:\windows\system32\noturogu.dll
2009-09-19 10:53:58 38400 --sha-w- c:\windows\system32\ruyopaku.dll
2009-09-18 10:53:23 52224 --sha-w- c:\windows\system32\tarowata.dll
2009-09-20 22:54:47 92672 --sha-w- c:\windows\system32\tasusape.dll
2009-09-18 10:53:19 38400 --sha-w- c:\windows\system32\tidadegi.dll
2009-09-19 10:53:58 60928 --sha-w- c:\windows\system32\wilawape.dll
2009-09-18 22:53:37 38400 --sha-w- c:\windows\system32\yifiroso.dll
2009-09-18 10:53:23 52224 --sha-w- c:\windows\system32\zugibiru.dll
2008-09-05 17:32:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 12:00:34.27 ===============

TODAY IS 12/22.

When I came in this morning before I logged there was a window on my screen with the following message from F-Secure Anti-Virus software:

Malicious code found in file C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1655\A0139660.dll
Infection: Trojan.Win32.Monder.cvov
Action: The file was renamed

After I clicked on OK in that window then the next window would say:

Malicious code found in file C:\....[same as above]....\A0139660.0ll
Infection: .....[same as above]...
Action: Failed

After I clicked on OK in that window I kept getting the same window a couple of times. I stopped clicking on OK and just logged in. Once in, I clicked a couple more times on OK and the window stopped coming back.

When I started Chrome in order to add the above to this post I immediately got the same advertisement pop up windows to buy virus protection.

--------------------------END of this addition-----------

Edited by a-non-y-moose, 22 December 2009 - 10:01 AM.
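
The autostart entries in the DDS log of post #1 can be cross-checked against the hidden system DLLs in its Find3M section, which is where the Logon.exe and WilaWape.dll observations show up. The script below is an added example, not part of the original thread or of DDS; the sample lines are copied from that log (AppInit_DLLs trimmed), while the clean-XP baseline and the `triage` function are assumptions made for illustration.

```python
import re

# Lines copied from the DDS log in post #1. AppInit_DLLs is trimmed to three of
# its entries and most file rows are left out to keep the sample short.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=Userinit.exe,
mRun: [rotuhovup] Rundll32.exe "c:\windows\system32\darususi.dll",a
AppInit_DLLs: tarowata.dll c:\windows\system32\nisawoyi.dll c:\windows\system32\darususi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: juferonek - {53bfb412-22d7-4c8c-9ec8-6c62d92f3605} - c:\windows\system32\lafegana.dll
LSA: Notification Packages = scecli zugibiru.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-09-19 10:53:58 92160 --sha-w- c:\windows\system32\darususi.dll
2009-09-18 22:53:37 92672 --sha-w- c:\windows\system32\lafegana.dll
2009-09-18 10:53:19 91648 --sha-w- c:\windows\system32\nisawoyi.dll
2009-09-18 10:53:23 52224 --sha-w- c:\windows\system32\tarowata.dll
2009-09-19 10:53:58 60928 --sha-w- c:\windows\system32\wilawape.dll
2009-09-18 10:53:23 52224 --sha-w- c:\windows\system32\zugibiru.dll
"""

# Assumed clean baseline for Windows XP: Winlogon Shell is only Explorer.exe,
# AppInit_DLLs is empty, LSA Notification Packages holds only scecli.
BASELINE_SHELL = {"explorer.exe"}
BASELINE_LSA = {"scecli"}
# DDS line prefixes treated here as "something gets loaded automatically".
AUTOSTART_KEYS = {"mRun", "uRun", "AppInit_DLLs", "SSODL", "STS", "LSA", "Notify", "BHO"}

# File rows in "Created Last 30" / "Find3M": date, time, size, 8 attribute flags, path.
FILE_ROW = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (\S{8}) (.+)$")
DLL_NAME = re.compile(r"[\w.-]+\.dll", re.IGNORECASE)


def base(path):
    """Lower-cased file name without its directory or surrounding quotes."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return autostart deviations and hidden+system DLLs found in a DDS log."""
    findings = []        # (check name, offending values), in log order
    referenced = {}      # dll name -> set of autostart keys that mention it
    hidden_system = []   # dll names whose flags include both 's' and 'h'

    for raw in log_text.splitlines():
        line = raw.strip()
        row = FILE_ROW.match(line)
        if row:
            attrs, path = row.groups()
            # Flag positions 2 and 3 carry the system and hidden attributes.
            if attrs[2] == "s" and attrs[3] == "h" and base(path).endswith(".dll"):
                hidden_system.append(base(path))
            continue

        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()

        if key == "mWinlogon" and value.lower().startswith("shell="):
            tokens = value.partition("=")[2].split()
            extra = [t for t in tokens if base(t) not in BASELINE_SHELL]
            if extra:
                findings.append(("winlogon-shell", extra))

        if key in AUTOSTART_KEYS:
            dlls = [d.lower() for d in DLL_NAME.findall(value)]
            for dll in dlls:
                referenced.setdefault(dll, set()).add(key)
            if key == "AppInit_DLLs" and dlls:
                findings.append(("appinit-dlls", dlls))
            if key == "LSA" and "notification packages" in value.lower():
                pkgs = [p.lower() for p in value.partition("=")[2].split()]
                extra = [p for p in pkgs if p not in BASELINE_LSA]
                if extra:
                    findings.append(("lsa-notification-packages", extra))

    return {
        "findings": findings,
        # Hidden+system DLLs that an autostart entry loads, with the entries.
        "hidden_loaded": {d: sorted(referenced[d]) for d in hidden_system if d in referenced},
        # Hidden+system DLLs that no parsed autostart line mentions.
        "hidden_unreferenced": [d for d in hidden_system if d not in referenced],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for check, values in report["findings"]:
        print(f"[{check}] {', '.join(values)}")
    for dll, keys in report["hidden_loaded"].items():
        print(f"[hidden+system, loaded via {'/'.join(keys)}] {dll}")
    for dll in report["hidden_unreferenced"]:
        print(f"[hidden+system, no autostart reference in sample] {dll}")
```

The output is a review list for a helper, not a verdict: it shows which entries differ from the assumed baseline and which hidden DLLs they point at.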



#2 suebaby41

  • Malware Response Team

Posted 03 January 2010 - 03:10 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 a-non-y-moose

a-non-y-moose
  • Topic Starter

  • Members
  • 5 posts

Posted 04 January 2010 - 10:37 AM

Hi, thanks for helping out. Here is the report after running RSIT:

info.txt logfile of random's system information tool 1.06 2010-01-04 10:23:06

======Uninstall list======

-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Cbeyond Secure Desktop\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10.0.3-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign 2.0.1-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Interactive Forms Update SP1-->MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603}
Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{C178B38F-613A-4EFE-B718-A675BD27A1E1}
Broadcom Advanced Control Suite-->MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Cbeyond Secure Desktop-->"C:\Program Files\Cbeyond Secure Desktop\FSGUI\PostInstall.exe" /tUnInstall
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CoLOS Create Pro 3.1-->MsiExec.exe /I{18C22E8E-6B5D-496E-9F05-C08CCA8CBB43}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DBA Manufacturing Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63EE5FB4-47ED-4129-82DB-E38DBACB8B0C}\Setup.exe" -l0x9
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
File, Print FedEx Kinko's-->MsiExec.exe /X{94DB1FD3-10E1-4C2F-81FA-AFDE9DC06BF5}
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
G.Neil Optima Attendance Controller 8.0-->"C:\Program Files\InstallShield Installation Information\GNeilUninst.exe" -uninstall -guid"{7043B64C-9602-41E5-8A3D-2170485ECE95}_1"
G.Neil Optima Time Clock 8.0-->"C:\Program Files\InstallShield Installation Information\GNeilUninst.exe" -uninstall -guid"{65DCC174-38B7-4562-B128-2069264B07EF}_1"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (ESHA)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (1.0.7)-->C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NI LabVIEW Run-Time Engine 5.1.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\National Instruments\Shared\LabVIEW Run-Time\5.1\Uninst.isu"
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Plaxo Toolbar for Windows-->C:\Program Files\Plaxo\3.23.0.11\uninstall.exe
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QBFC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{795F2EA4-9798-4BA5-B31A-C8F41A124FC8}\Setup.exe" -l0x9 \-ADDREMOVE
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TomTom HOME 2.7.2.1825-->C:\Program Files\TomTom HOME\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Version 2.0.0.3-->"C:\Program Files\XP Access\unins000.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VNC 3.3.7-->"C:\Program Files\RealVNC\unins000.exe"
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

10.10.10.20 s_dutch.dutch.local

======Security center information======

AV: Microsoft Security Essentials
AV: Cbeyond Secure Desktop 8.00
FW: Cbeyond Secure Desktop 8.00

======System event log======

Computer Name: DUTCH01
Event Code: 4321
Message: The name "DUTCH :1d" could not be registered on the Interface with IP address 10.10.10.30.
The machine with the IP address 10.10.10.20 did not allow the name to be claimed by
this machine.

Record Number: 43633
Source Name: NetBT
Time Written: 20091228104243.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 4321
Message: The name "DUTCH :1d" could not be registered on the Interface with IP address 10.10.10.30.
The machine with the IP address 10.10.10.20 did not allow the name to be claimed by
this machine.

Record Number: 43632
Source Name: NetBT
Time Written: 20091228103733.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 4321
Message: The name "DUTCH :1d" could not be registered on the Interface with IP address 10.10.10.30.
The machine with the IP address 10.10.10.20 did not allow the name to be claimed by
this machine.

Record Number: 43631
Source Name: NetBT
Time Written: 20091228103223.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 4321
Message: The name "DUTCH :1d" could not be registered on the Interface with IP address 10.10.10.30.
The machine with the IP address 10.10.10.20 did not allow the name to be claimed by
this machine.

Record Number: 43630
Source Name: NetBT
Time Written: 20091228102712.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 4321
Message: The name "DUTCH :1d" could not be registered on the Interface with IP address 10.10.10.30.
The machine with the IP address 10.10.10.20 did not allow the name to be claimed by
this machine.

Record Number: 43629
Source Name: NetBT
Time Written: 20091228102203.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DUTCH01
Event Code: 5000
Message: EventType mptelemetry, P1 80070422, P2 beginsearch, P3 search, P4 2.0.6212.0, P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Record Number: 150776
Source Name: MPSampleSubmission
Time Written: 20091223184559.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 150773
Source Name: Application Hang
Time Written: 20091223180916.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 5000
Message: EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.5302.0, P3 1.71.1013.0, P4 1.71.1013.0, P5 001bf361-0000-0000-0000-000000000000_da9f8d1f26d4638b97323545283d50bc95470cda, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 150771
Source Name: MPSampleSubmission
Time Written: 20091223180116.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 5000
Message: EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.5302.0, P3 1.71.1013.0, P4 1.71.1013.0, P5 200000a700000001_da9f8d1f26d4638b97323545283d50bc95470cda, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 150758
Source Name: MPSampleSubmission
Time Written: 20091223123636.000000-300
Event Type: error
User:

Computer Name: DUTCH01
Event Code: 5000
Message: EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.5302.0, P3 1.71.1013.0, P4 1.71.1013.0, P5 200000a700000001_da9f8d1f26d4638b97323545283d50bc95470cda, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 150756
Source Name: MPSampleSubmission
Time Written: 20091223123557.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 12 January 2010 - 02:57 PM

  • Please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • You will need to accept the EULA, if it appears, to be able to use the tool.
  • When HijackThis opens, click on the Do a system scan and save a log file button.
  • When HijackThis has finished scanning, a window entitled hijackthis.log will open. When you close this window, the log will be saved into the HijackThis folder.
  • If needed, see TrendMicro™ HijackThis™ Quick Start Guide
  • Copy and paste this log into your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 a-non-y-moose

  • Topic Starter

Posted 17 January 2010 - 07:52 PM

Hi, thank you again for helping out.

Here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:37 PM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ESHA\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FCH32.EXE
C:\Program Files\Cbeyond Secure Desktop\Common\FAMEH32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe
C:\Program Files\Cbeyond Secure Desktop\FWES\Program\fsdfwd.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsus.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsav32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\FSGK32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TomTom HOME\TomTomHOMERunner.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsguidll.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
H:\rustico\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ddfoodsolutions.com/portal.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Cbeyond Secure Desktop\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rjesus.DUTCH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-117609710-1647877149-839522115-1107\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-117609710-1647877149-839522115-1107\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1647877149-839522115-1107\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a (User '?')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://10.10.10.55
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129893904646
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/i...ViewerSetup.cab
O16 - DPF: {AB828640-9B09-4752-9C41-070FCAF537F3} (DVRRemote Control) - http://10.10.10.55/DVRRemote.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://209.42.43.170:9090/WebDvr3.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://blr.webex.com/client/T23L/sales/ieatgpc.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/common/cab/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dutch.local
O17 - HKLM\Software\..\Telephony: DomainName = dutch.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74347F4-7135-48EC-8940-CB2782DF1E1D}: NameServer = 10.10.10.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dutch.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dutch.local
O20 - AppInit_DLLs: c:\windows\system32\nisawoyi.dll c:\windows\system32\luwapeta.dll c:\windows\system32\revojime.dll c:\windows\system32\pewejima.dll c:\windows\system32\dineyata.dll c:\windows\system32\danujave.dll,tarowata.dll
O21 - SSODL: morifodin - {ca034450-3996-4302-91b0-84d6ce5cdf20} - c:\windows\system32\fanokogu.dll (file missing)
O21 - SSODL: kamepupos - {bc2924fa-b28c-413d-bb87-f620e288c73c} - c:\windows\system32\pewejima.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {ca034450-3996-4302-91b0-84d6ce5cdf20} - c:\windows\system32\fanokogu.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {bc2924fa-b28c-413d-bb87-f620e288c73c} - c:\windows\system32\pewejima.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {ce5a8866-1f73-4970-aff3-50e638ce1589} - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Cbeyond Secure Desktop\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME\TomTomHOMEService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14346 bytes

#6 suebaby41

  • Malware Response Team

Posted 30 January 2010 - 09:48 AM

I apologize for the delay in responding. I am taking Chemo and recently found out that I have blood clots in my left leg. I am feeling better now and will work on your log.

#7 suebaby41

  • Malware Response Team

Posted 30 January 2010 - 05:21 PM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers or Windows Server editions, like Windows 2003, for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.


#8 syler

  • Malware Response Team

Posted 11 February 2010 - 04:48 PM

Hi a-non-y-moose,

I will be helping you out since suebaby41 is not well at the moment. Since it has been a while, I would like to see some fresh logs; also, please let me know of any problems that you are still having.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following logs and tell me about any remaining problems:
  • log.txt
  • info.txt
Thanks



#9 syler

  • Malware Response Team

Posted 16 February 2010 - 11:47 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
