Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware unknown


  • Please log in to reply
43 replies to this topic

#1 Banjo09

Banjo09

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 05 April 2010 - 02:24 PM

The maleware pops open new browser screens to various websites.
Won't let me start in Safe Mode.
Won't let me start Malwarebytes.

The gmer scan was interupted after about 3 hours or so with a screen message that said something like; "WARNING! GMER has found system change caused by Rootkit. Scan was stopped.

I saved the file even though it wasn't complete and started another scan with gmer.
In about 10 minutes I got a blue screen with the following info;
Page fault in a nonpaged area
techinical info
Stop: 0x00000050 (0xF946F018, 0x00000000, 0xF0213CF8, 0x00000000)
pxtdapow.sys
address F0213CF8, base at F0208000, date stamp 46274f8d




DDS (Ver_10-03-17.01) - NTFSx86
Run by TCI at 16:19:13.42 on Fri 04/02/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.564 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\TCI\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\TCI\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {97c6c48d-b4fd-4248-b50c-620d93c77d41} - jurumoku.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [wahunuyuwa] Rundll32.exe "ruludoji.dll",s
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [wahunuyuwa] Rundll32.exe "ruludoji.dll",s
mRun: [wigezewol] Rundll32.exe "c:\windows\system32\viriteda.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\purgedns.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///C:/DOCUME~1/TCI/LOCALS~1/Temp/IXP000.TMP/setup.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269898521984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll ravuhavu.dll c:\windows\system32\viriteda.dll
SSODL: kolatineh - {aafbf23a-f91b-4d27-87a9-e57357f2e982} - c:\windows\system32\viriteda.dll
STS: jugezatag: {aafbf23a-f91b-4d27-87a9-e57357f2e982} - c:\windows\system32\viriteda.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ravuhavu.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe

============= SERVICES / DRIVERS ===============

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-13 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-13 206608]

=============== Created Last 30 ================

2010-04-02 22:18:38 0 ----a-w- c:\documents and settings\tci\defogger_reenable
2010-04-02 15:44:19 767952 ----a-w- c:\windows\BDTSupport.dll0403.old
2010-04-02 15:44:19 149456 ----a-w- c:\windows\SGDetectionTool.dll0403.old
2010-04-02 15:44:18 1652688 ----a-w- c:\windows\PCTBDCore.dll0403.old
2010-04-02 15:41:36 0 d-----w- c:\program files\Spyware Doctor
2010-04-02 15:34:40 699904 ----a-w- c:\windows\isRS-000.tmp
2010-03-30 14:22:59 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-03-30 14:22:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-29 22:13:25 0 d-----w- c:\docume~1\tci\applic~1\Office Genuine Advantage
2010-03-29 21:22:11 0 d-----w- c:\program files\MSECache
2010-03-29 21:17:56 25685128 ----a-w- c:\program files\wordview_en-us.exe
2010-03-24 14:46:30 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-03-23 14:38:41 0 d-----w- c:\windows\system32\XPSViewer
2010-03-23 14:37:34 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-23 14:37:34 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-23 14:37:33 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-23 14:37:33 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-23 14:37:33 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-23 14:37:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-23 14:37:33 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-23 14:37:33 0 d-----w- C:\134ca3d95850b073d76bf7ce
2010-03-19 22:14:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2010-03-15 16:12:47 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-02 18:58:25 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-30 06:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 06:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 20:09:17 873808 ----a-w- c:\program files\InstallManager_Sun_Sun.exe
2009-10-02 21:20:26 848712 ----a-w- c:\program files\avg_free_stb_all_8_32_cnet.exe
2008-02-13 19:10:57 3064631 ----a-w- c:\program files\FileZilla_3.0.6_win32-setup.exe
2008-02-13 19:06:46 3013211 ----a-w- c:\program files\FileZilla_3.0.5.2_win32-setup.exe
2006-09-18 21:38:10 8 --sh--r- c:\windows\system32\7E9DB2EAA0.sys
2010-01-01 22:55:36 92160 --sha-w- c:\windows\system32\biyedepu.dll
2010-01-02 13:46:56 61952 --sha-w- c:\windows\system32\dataheme.dll
2010-01-02 13:46:56 62464 --sha-w- c:\windows\system32\fujegifu.dll
2010-01-02 13:47:16 62464 --sha-w- c:\windows\system32\jurumoku.dll
2010-01-02 13:46:56 39424 --sha-w- c:\windows\system32\mamapome.dll
2010-01-01 22:55:36 39424 --sha-w- c:\windows\system32\puneromi.dll
2010-01-02 13:47:16 62464 --sha-w- c:\windows\system32\ruludoji.dll
2010-01-02 13:46:56 92160 --sha-w- c:\windows\system32\viriteda.dll
2008-09-24 14:52:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

============= FINISH: 16:20:56.84 ===============

Attached Files


 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


BC AdBot (Login to Remove)

 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:53 PM

Posted 08 April 2010 - 04:21 PM

Banjo09,

Welcome to the Bleeping Computer Malware Removal Forum


Please download and run the following tool to help allow other programs to run. (Thanks to Grinler of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif





Now try Malwarebytes


Please download Malwarebytes from Here or Here
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please


mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 04:47 PM

Hi Thanks,
I tried rkill, it works still.
MBAM doesn't run. I just get a blip of the hour glass, then nothing.

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:53 PM

Posted 08 April 2010 - 04:58 PM

ok, try this.

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Now try Malwarebytes again, if still a no go then do this,




Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2







* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.



mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#5 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 05:11 PM

Still doesn't run MBAM. Will download Combo Fix. I have an appointment in a few minutes. I'll get back to this before dinner if I can.
Sorry to have to run. Thanks for the help!!!

Log pasted below:

exeHelper by Raktor
Build 20100329
Run at 16:04:46 on 04/08/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#6 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 06:54 PM

Here is the ComboFix log Pasted below:
I will paste a hijack this log next.
Thanks

ComboFix 10-04-07.04 - TCI 04/08/2010 16:20:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.514 [GMT -6:00]
Running from: c:\documents and settings\TCI\Desktop\BocomFx.exe
.
PEV Error: UserFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\windows\system32\dizagiji.dll
c:\windows\system32\dujujewo.dll
c:\windows\system32\gimujuri.dll
c:\windows\system32\gomopiwe.dll
c:\windows\system32\kidamore.dll
c:\windows\system32\mamapome.dll
c:\windows\system32\nanenipu.dll
c:\windows\system32\niyihese.dll
c:\windows\system32\puneromi.dll
c:\windows\system32\ravuhavu.dll
c:\windows\system32\ruludoji.dll
c:\windows\system32\vafedewe.dll
c:\windows\system32\vovuzidi.dll
c:\windows\Tasks\zaefyiob.job

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-02 22:08 . 2010-04-02 22:08 -------- d-----w- c:\documents and settings\admin\Application Data\Research In Motion
2010-04-02 22:07 . 2010-04-02 22:07 -------- d-----w- c:\documents and settings\admin\Application Data\Windows Desktop Search
2010-04-02 22:07 . 2010-04-02 22:07 -------- d-----w- c:\documents and settings\admin\Application Data\InstallShield
2010-04-02 15:41 . 2010-04-02 16:31 -------- d-----w- c:\program files\Spyware Doctor
2010-03-30 14:22 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-29 22:13 . 2010-03-29 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-29 22:13 . 2010-03-29 22:13 -------- d-----w- c:\documents and settings\TCI\Application Data\Office Genuine Advantage
2010-03-29 21:22 . 2010-03-29 21:32 -------- d-----w- c:\program files\MSECache
2010-03-29 21:17 . 2010-03-29 21:18 25685128 ----a-w- c:\program files\wordview_en-us.exe
2010-03-23 14:38 . 2010-03-23 14:38 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-23 14:38 . 2010-03-23 14:38 -------- d-----w- c:\program files\MSBuild
2010-03-23 14:38 . 2010-03-23 14:38 -------- d-----w- c:\program files\Reference Assemblies
2010-03-23 14:37 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-23 14:37 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-23 14:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-23 14:37 . 2010-03-23 14:38 -------- d-----w- C:\134ca3d95850b073d76bf7ce
2010-03-23 14:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-23 14:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-23 14:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-23 14:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-23 14:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-23 14:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-19 22:14 . 2010-03-19 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-15 16:12 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 23:43 . 2007-12-21 16:41 256 ----a-w- c:\windows\system32\pool.bin
2010-04-08 20:57 . 2006-09-16 15:35 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-07 19:42 . 2007-05-24 20:33 -------- d-----w- c:\documents and settings\TCI\Application Data\gtk-2.0
2010-04-02 16:30 . 2010-01-06 23:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-02 15:34 . 2010-04-02 15:34 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-02 15:34 . 2010-01-11 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 22:59 . 2008-01-11 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-30 06:46 . 2010-01-11 19:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 06:45 . 2010-01-11 19:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 22:02 . 2006-09-07 13:11 -------- d-----w- c:\program files\Microsoft Works
2010-03-23 17:00 . 2006-09-26 14:25 96080 ----a-w- c:\documents and settings\TCI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 15:07 . 2010-01-12 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-19 22:55 . 2006-09-07 13:00 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-19 22:55 . 2006-09-07 13:08 -------- d-----w- c:\program files\Roxio
2010-03-19 22:54 . 2007-12-21 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-03-19 22:54 . 2006-09-07 13:00 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-19 22:17 . 2007-12-21 16:27 -------- d-----w- c:\program files\Research In Motion
2010-03-19 22:13 . 2007-12-21 16:27 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-17 14:25 . 2010-03-17 14:25 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 14:25 . 2010-03-17 14:25 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 14:25 . 2010-03-17 14:25 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 14:25 . 2010-03-17 14:25 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-11 12:38 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-13 20:59 . 2010-01-13 20:59 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-12 18:06 . 2010-01-12 18:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 19:20 . 2010-01-11 19:20 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-21 20:09 . 2009-10-21 20:09 873808 ----a-w- c:\program files\InstallManager_Sun_Sun.exe
2009-10-02 21:20 . 2009-10-02 21:20 848712 ----a-w- c:\program files\avg_free_stb_all_8_32_cnet.exe
2008-02-13 19:10 . 2008-02-13 19:09 3064631 ----a-w- c:\program files\FileZilla_3.0.6_win32-setup.exe
2008-02-13 19:06 . 2008-02-13 19:06 3013211 ----a-w- c:\program files\FileZilla_3.0.5.2_win32-setup.exe
2006-09-18 21:38 . 2006-09-18 21:38 8 --sh--r- c:\windows\system32\7E9DB2EAA0.sys
2010-01-01 22:55 . 2010-01-01 22:55 92160 --sha-w- c:\windows\system32\biyedepu.dll
2010-01-02 13:46 . 2010-01-02 13:46 62464 --sha-w- c:\windows\system32\fujegifu.dll
2010-01-01 22:50 . 2010-01-01 22:50 61952 --sha-w- c:\windows\system32\hididofu.dll.tmp
2010-01-02 13:47 . 2010-01-02 13:47 62464 --sha-w- c:\windows\system32\jurumoku.dll
2010-01-07 15:12 . 2010-01-07 15:12 61952 --sha-w- c:\windows\system32\riwakabe.dll
2010-01-03 01:45 . 2010-01-03 01:45 92160 --sha-w- c:\windows\system32\rulisofo.dll
2010-01-07 15:12 . 2010-01-07 15:12 92160 --sha-w- c:\windows\system32\sehajiwi.dll
2010-01-02 13:46 . 2010-01-02 13:46 92160 --sha-w- c:\windows\system32\viriteda.dll
2010-01-01 22:50 . 2010-01-01 22:50 61952 --sha-w- c:\windows\system32\yesigoju.dll.tmp
2010-01-01 22:50 . 2010-01-01 22:50 61952 --sha-w- c:\windows\system32\yetazesu.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97c6c48d-b4fd-4248-b50c-620d93c77d41}]
2010-01-02 13:47 62464 --sha-w- c:\windows\system32\jurumoku.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 77892]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-25 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"wigezewol"="c:\windows\system32\sehajiwi.dll" [2010-01-07 92160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-25 1819992]
purgedns.bat [2006-10-24 104]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-9-14 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{fb830376-a87e-4eb9-ad37-506c182f0523}"= "c:\windows\system32\viriteda.dll" [2010-01-02 92160]
"{aab97e50-95d4-4790-9430-59c233b9606d}"= "c:\windows\system32\sehajiwi.dll" [2010-01-07 92160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gatuyihay"= {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll [2010-01-02 92160]
"mezazimur"= {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\sehajiwi.dll [2010-01-07 92160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\viriteda.dll c:\windows\system32\sehajiwi.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-09-07 13:08 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 12:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-09-07 13:02 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Windows Desktop Search\\WindowsSearch.exe"=

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [1/13/2010 3:06 PM 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/29/2009 11:37 AM 133104]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [1/13/2010 3:06 PM 206608]
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 17:37]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 17:37]

2006-09-14 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///C:/DOCUME~1/TCI/LOCALS~1/Temp/IXP000.TMP/setup.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-wahunuyuwa - ruludoji.dll
HKLM-Run-wahunuyuwa - ruludoji.dll
SharedTaskScheduler-{06d0d36c-3552-4f30-ba0f-184efbb37410} - c:\windows\system32\kapidapu.dll
SharedTaskScheduler-{bc1a473e-29cf-4be3-a610-e44d681bcdab} - c:\windows\system32\gimujuri.dll
SharedTaskScheduler-{2c96e7b5-d7c8-4368-9b0c-0e8a0a10c8b1} - c:\windows\system32\gimujuri.dll
SharedTaskScheduler-{97faa765-c497-43da-bc72-0d2a5400014e} - c:\windows\system32\gimujuri.dll
SharedTaskScheduler-{da05d1ca-ea1a-4f48-b40a-a3a9c7b44de3} - c:\windows\system32\gimujuri.dll
SharedTaskScheduler-{ebf1cf89-e9cb-4629-8d82-a4205b9c675e} - c:\windows\system32\niyihese.dll
SharedTaskScheduler-{c5582130-df4b-4f8f-9591-6619b770fe98} - c:\windows\system32\niyihese.dll
SSODL-zejokesig-{06d0d36c-3552-4f30-ba0f-184efbb37410} - c:\windows\system32\kapidapu.dll
SSODL-mitusupiy-{bc1a473e-29cf-4be3-a610-e44d681bcdab} - c:\windows\system32\gimujuri.dll
SSODL-vatupirus-{2c96e7b5-d7c8-4368-9b0c-0e8a0a10c8b1} - c:\windows\system32\gimujuri.dll
SSODL-mokinofum-{97faa765-c497-43da-bc72-0d2a5400014e} - c:\windows\system32\gimujuri.dll
SSODL-fojegewew-{da05d1ca-ea1a-4f48-b40a-a3a9c7b44de3} - c:\windows\system32\gimujuri.dll
SSODL-koveviluh-{ebf1cf89-e9cb-4629-8d82-a4205b9c675e} - c:\windows\system32\niyihese.dll
SSODL-golisibaz-{c5582130-df4b-4f8f-9591-6619b770fe98} - c:\windows\system32\niyihese.dll
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
MSConfigStartUp-MMTray - c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\windows\system32\viriteda.dll
c:\windows\system32\sehajiwi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-04-08 17:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 23:49

Pre-Run: 45,526,900,736 bytes free
Post-Run: 48,018,120,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CDBF9556711FCA8FD4EB8FC15821AA58

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#7 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 06:57 PM

Where do I find Hijack This?
Thanks

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#8 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 06:58 PM

I have gmer if it is the same...

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#9 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:53 PM

Posted 08 April 2010 - 07:03 PM

Hi,

I don't believe I need GMER right now, but I may so hang on to it.

There are other files to remove on Combofix, but lets see if Malwarebytes can remove them, you should be able to run Malwarebytes now.

Run it and post the report , then run this program, part of it will run Hijackthis.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#10 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 07:09 PM

I came back with the Hijackthis log and see your new message.
Here is the current Hijackthis log, I'll run MB then come back.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:45 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15557&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {97c6c48d-b4fd-4248-b50c-620d93c77d41} - jurumoku.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [wigezewol] Rundll32.exe "c:\windows\system32\viriteda.dll",a
O4 - HKLM\..\Run: [wahunuyuwa] Rundll32.exe "ruludoji.dll",s
O4 - HKLM\..\Run: [PC Medkit] "C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe" --start-trayed
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: purgedns.bat
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/TCI/LOCALS~1/Temp/IXP000.TMP/setup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1269898521984
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: c:\windows\system32\viriteda.dll c:\windows\system32\sehajiwi.dll,ravuhavu.dll
O21 - SSODL: gatuyihay - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O21 - SSODL: mezazimur - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll
O22 - SharedTaskScheduler: tokatiluy - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O22 - SharedTaskScheduler: mujuzedij - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10400 bytes

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#11 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 07:13 PM

Still can't get MB to open. Will download and use RSIT

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#12 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 07:16 PM

RSIT log txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by TCI at 2010-04-08 18:14:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (63%) free of 73 GB
Total RAM: 1022 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:40 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\TCI\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\TCI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15557&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {97c6c48d-b4fd-4248-b50c-620d93c77d41} - jurumoku.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [wigezewol] Rundll32.exe "c:\windows\system32\viriteda.dll",a
O4 - HKLM\..\Run: [wahunuyuwa] Rundll32.exe "ruludoji.dll",s
O4 - HKLM\..\Run: [PC Medkit] "C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe" --start-trayed
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: purgedns.bat
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/TCI/LOCALS~1/Temp/IXP000.TMP/setup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1269898521984
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: c:\windows\system32\viriteda.dll c:\windows\system32\sehajiwi.dll,ravuhavu.dll
O21 - SSODL: gatuyihay - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O21 - SSODL: mezazimur - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll
O22 - SharedTaskScheduler: tokatiluy - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O22 - SharedTaskScheduler: mujuzedij - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10431 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\PC Medkit.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97c6c48d-b4fd-4248-b50c-620d93c77d41}]
jurumoku.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-05-08 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll [2008-12-05 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-05-08 757760]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll [2008-12-05 83800]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"QuickFinder Scheduler"=C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [2006-07-04 77892]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-25 648536]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]
"wigezewol"=c:\windows\system32\viriteda.dll [2010-01-02 92160]
"wahunuyuwa"=ruludoji.dll,s []
"PC Medkit"=C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe [2010-03-29 832992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-31 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-07 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-09-07 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
purgedns.bat
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\viriteda.dll c:\windows\system32\sehajiwi.dll,ravuhavu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
gatuyihay - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll [2010-01-02 92160]
mezazimur - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll [2010-01-02 92160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
tokatiluy - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll [2010-01-02 92160]
mujuzedij - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll [2010-01-02 92160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ravuhavu.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Disabled:RoxioUPnPRenderer9"
"C:\Program Files\Windows Desktop Search\WindowsSearch.exe"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe:*:Disabled:WindowsSearch"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

======List of files/folders created in the last 2 months======

2010-04-08 18:14:36 ----D---- C:\rsit
2010-04-08 18:03:04 ----D---- C:\Program Files\Ask.com
2010-04-08 18:02:58 ----D---- C:\Documents and Settings\TCI\Application Data\Blitware
2010-04-08 18:02:55 ----D---- C:\Program Files\PC Medkit
2010-04-08 17:49:55 ----A---- C:\ComboFix.txt
2010-04-08 16:18:25 ----A---- C:\Boot.bak
2010-04-08 16:18:13 ----RASHD---- C:\cmdcons
2010-04-08 16:17:14 ----A---- C:\WINDOWS\zip.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWSC.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWREG.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\sed.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\PEV.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\MBR.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\grep.exe
2010-04-08 16:17:05 ----D---- C:\WINDOWS\ERDNT
2010-04-08 16:16:12 ----D---- C:\Qoobox
2010-04-02 09:44:19 ----A---- C:\WINDOWS\SGDetectionTool.dll0403.old
2010-04-02 09:44:19 ----A---- C:\WINDOWS\BDTSupport.dll0403.old
2010-04-02 09:44:18 ----A---- C:\WINDOWS\PCTBDCore.dll0403.old
2010-04-02 09:41:36 ----D---- C:\Program Files\Spyware Doctor
2010-04-02 09:34:40 ----A---- C:\WINDOWS\isRS-000.tmp
2010-03-30 08:22:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-03-30 08:22:58 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-29 16:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-03-29 16:13:25 ----D---- C:\Documents and Settings\TCI\Application Data\Office Genuine Advantage
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\zh-TW
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\zh-HK
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\tr-TR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\sv-SE
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\pt-BR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\nl-NL
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\nb-NO
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\ko-KR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\it-IT
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\he-IL
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\fr-FR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\fi-FI
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\es-ES
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\el-GR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\de-DE
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\da-DK
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\ar-SA
2010-03-29 15:22:11 ----D---- C:\Program Files\MSECache
2010-03-29 15:17:56 ----A---- C:\Program Files\wordview_en-us.exe
2010-03-24 17:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-23 08:38:41 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-23 08:38:34 ----D---- C:\Program Files\MSBuild
2010-03-23 08:38:19 ----D---- C:\Program Files\Reference Assemblies
2010-03-23 08:37:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-23 08:37:33 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-23 08:37:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-23 08:37:33 ----D---- C:\134ca3d95850b073d76bf7ce
2010-03-19 16:14:17 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2010-03-15 17:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-24 17:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 18:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 18:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 18:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 18:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 18:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 18:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 18:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 18:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 2 months======

2010-04-08 18:14:21 ----D---- C:\WINDOWS\Prefetch
2010-04-08 18:06:35 ----D---- C:\Program Files\Trend Micro
2010-04-08 18:03:10 ----SHD---- C:\WINDOWS\Installer
2010-04-08 18:03:07 ----SD---- C:\WINDOWS\Tasks
2010-04-08 18:03:04 ----RD---- C:\Program Files
2010-04-08 17:49:58 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 17:49:57 ----D---- C:\WINDOWS\Temp
2010-04-08 17:48:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-08 17:43:28 ----D---- C:\WINDOWS
2010-04-08 17:43:28 ----A---- C:\WINDOWS\system.ini
2010-04-08 16:33:54 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-04-08 16:33:48 ----A---- C:\WINDOWS\ModemLog_Verizon Wireless Phone HS (1xRTT).txt
2010-04-08 16:31:12 ----D---- C:\WINDOWS\system32\config
2010-04-08 16:27:12 ----D---- C:\WINDOWS\system32
2010-04-08 16:25:26 ----D---- C:\WINDOWS\AppPatch
2010-04-08 16:25:20 ----D---- C:\Program Files\Common Files
2010-04-08 16:18:25 ----RASH---- C:\boot.ini
2010-04-08 16:17:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 14:57:41 ----D---- C:\WINDOWS\system32\FxsTmp
2010-04-08 14:57:30 ----A---- C:\WINDOWS\hpbafd.ini
2010-04-08 09:36:49 ----SD---- C:\Documents and Settings\TCI\Application Data\Microsoft
2010-04-07 13:42:54 ----D---- C:\Documents and Settings\TCI\Application Data\gtk-2.0
2010-04-05 13:04:24 ----D---- C:\WINDOWS\Minidump
2010-04-02 16:28:29 ----D---- C:\unzipped
2010-04-02 16:07:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-04-02 10:30:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-02 09:49:19 ----D---- C:\WINDOWS\WinSxS
2010-04-02 09:34:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-31 17:04:34 ----HD---- C:\WINDOWS\inf
2010-03-31 17:04:26 ----SHD---- C:\WINDOWS\system32\dllcache
2010-03-31 17:04:24 ----D---- C:\WINDOWS\system32\en-US
2010-03-31 17:04:24 ----D---- C:\Program Files\Internet Explorer
2010-03-31 17:04:13 ----D---- C:\WINDOWS\ie7updates
2010-03-31 09:35:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 16:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-29 16:02:04 ----D---- C:\Program Files\Microsoft Works
2010-03-29 15:59:38 ----RSD---- C:\WINDOWS\assembly
2010-03-29 15:58:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-29 15:56:16 ----A---- C:\WINDOWS\win.ini
2010-03-29 15:35:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-29 15:22:42 ----D---- C:\Program Files\Microsoft Office
2010-03-26 16:31:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-25 09:36:17 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-24 17:10:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 17:08:04 ----A---- C:\WINDOWS\imsins.BAK
2010-03-24 17:07:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-23 09:07:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-03-23 08:38:27 ----RSD---- C:\WINDOWS\Fonts
2010-03-23 08:37:56 ----D---- C:\WINDOWS\system32\spool
2010-03-19 16:55:30 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-03-19 16:55:16 ----D---- C:\Program Files\Roxio
2010-03-19 16:54:34 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-03-19 16:54:33 ----D---- C:\Program Files\Common Files\Sonic Shared
2010-03-19 16:25:26 ----D---- C:\WINDOWS\security
2010-03-19 16:17:08 ----D---- C:\Program Files\Research In Motion
2010-03-19 16:13:57 ----D---- C:\Program Files\Common Files\Research In Motion
2010-03-15 17:25:00 ----D---- C:\Program Files\Movie Maker
2010-03-11 06:38:54 ----N---- C:\WINDOWS\system32\wininet.dll
2010-03-11 06:38:54 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 06:38:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\msrating.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 06:38:52 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 06:38:52 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\corpol.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-10 07:18:21 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-03-10 07:18:20 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-22 23:18:28 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-07 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 catchme;catchme; \??\C:\BocomFx\catchme.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\TCI\LOCALS~1\Temp\mbr.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-29 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-07 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


RSIT info txt:

info.txt logfile of random's system information tool 1.06 2010-04-08 18:14:42

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{F5BDF2BB-C990-4351-A05B-B2243D4037D4}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{F5BDF2BB-C990-4351-A05B-B2243D4037D4}
BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Software Uninstall-->C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
FileZilla Client 3.0.9.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTK+ 2.10.6-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN Toolbar-->MsiExec.exe /I{7C7D6EC8-F8CC-4B13-AF27-0A9D51EE4E40}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC Medkit-->"C:\Program Files\PC Medkit\2.3.0.7\unins000.exe"
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5421.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5421.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rapattoni MLS PDF Creator-->MsiExec.exe /I{691652E3-D900-49C8-843B-2EB459A13653}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
The GIMP 2.2.14-->"C:\Program Files\GIMP-2.0\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager for RIM-->MsiExec.exe /X{41E993EE-14C3-413D-A922-4A941AB2BCC1}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office X3-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
YouSendIt Plug-in for Outlook-->"C:\Program Files\InstallShield Installation Information\{20DFF861-31EE-41F6-98D5-0A992AE7D116}\setup.exe" -runfromtemp -l0x0409 -removeonly
YouSendIt Plug-in for Outlook-->MsiExec.exe /X{20DFF861-31EE-41F6-98D5-0A992AE7D116}

======System event log======

Computer Name: E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 25978
Source Name: DCOM
Time Written: 20100112105809.000000-420
Event Type: error
User: E07\TCI

Computer Name: E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 25977
Source Name: DCOM
Time Written: 20100112105809.000000-420
Event Type: error
User: E07\TCI

Computer Name: E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 25976
Source Name: DCOM
Time Written: 20100112105809.000000-420
Event Type: error
User: E07\TCI

Computer Name: E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 25975
Source Name: DCOM
Time Written: 20100112105809.000000-420
Event Type: error
User: E07\TCI

Computer Name: E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 25974
Source Name: DCOM
Time Written: 20100112105809.000000-420
Event Type: error
User: E07\TCI

=====Application event log=====

Computer Name: E07
Event Code: 1000
Message: Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Record Number: 8992
Source Name: Application Error
Time Written: 20100107084538.000000-420
Event Type: error
User:

Computer Name: E07
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16945, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000e843.

Record Number: 8988
Source Name: Application Error
Time Written: 20100107082854.000000-420
Event Type: error
User:

Computer Name: E07
Event Code: 1000
Message: Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Record Number: 8971
Source Name: Application Error
Time Written: 20100107081203.000000-420
Event Type: error
User:

Computer Name: E07
Event Code: 1000
Message: Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Record Number: 8970
Source Name: Application Error
Time Written: 20100107081158.000000-420
Event Type: error
User:

Computer Name: E07
Event Code: 1517
Message: Windows saved user E07\TCI registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8968
Source Name: Userenv
Time Written: 20100106171945.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#13 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:04:53 PM

Posted 08 April 2010 - 07:42 PM

Hello Banjo,

How did you pick the log on name, do you play the banjo ?


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {97c6c48d-b4fd-4248-b50c-620d93c77d41} - jurumoku.dll (file missing)

O4 - HKLM\..\Run: [wigezewol] Rundll32.exe "c:\windows\system32\viriteda.dll",a
O4 - HKLM\..\Run: [wahunuyuwa] Rundll32.exe "ruludoji.dll",s
O4 - Global Startup: purgedns.bat

O20 - AppInit_DLLs: c:\windows\system32\viriteda.dll c:\windows\system32\sehajiwi.dll,ravuhavu.dll

O21 - SSODL: gatuyihay - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O21 - SSODL: mezazimur - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll

O22 - SharedTaskScheduler: tokatiluy - {fb830376-a87e-4eb9-ad37-506c182f0523} - c:\windows\system32\viriteda.dll
O22 - SharedTaskScheduler: mujuzedij - {aab97e50-95d4-4790-9430-59c233b9606d} - c:\windows\system32\viriteda.dll





Reboot to Safemode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode



Now try and run Malwarebytes again. If no luck, then run RSIT and post a new log please

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#14 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 08 April 2010 - 11:02 PM

Banjo is my faithful dog. I do play guitar a little though!
When I get to work tomorrow morning I'll do the scan and post.
I couldn't start in safe mode after I got this infection, hopefully it will tomorrow.
Thanks

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#15 Banjo09

Banjo09
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:01:53 PM

Posted 09 April 2010 - 10:31 AM

Ran Hijackthis, removed said files. Couldn't boot in Safe Mode. Couldn't run MBAM.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by TCI at 2010-04-09 09:26:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (63%) free of 73 GB
Total RAM: 1022 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:04 AM, on 4/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\TCI\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TCI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15557&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PC Medkit] "C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe" --start-trayed
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - file:///C:/DOCUME~1/TCI/LOCALS~1/Temp/IXP000.TMP/setup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1269898521984
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9435 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\PC Medkit.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-05-08 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll [2008-12-05 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-05-08 757760]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0989.0\msneshellx.dll [2008-12-05 83800]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"QuickFinder Scheduler"=C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [2006-07-04 77892]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-25 648536]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]
"PC Medkit"=C:\Program Files\PC Medkit\2.3.0.7\PCMedkit.exe [2010-03-29 832992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-31 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-07 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-09-07 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ravuhavu.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Disabled:RoxioUPnPRenderer9"
"C:\Program Files\Windows Desktop Search\WindowsSearch.exe"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe:*:Disabled:WindowsSearch"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

======List of files/folders created in the last 2 months======

2010-04-08 18:14:36 ----D---- C:\rsit
2010-04-08 18:03:04 ----D---- C:\Program Files\Ask.com
2010-04-08 18:02:58 ----D---- C:\Documents and Settings\TCI\Application Data\Blitware
2010-04-08 18:02:55 ----D---- C:\Program Files\PC Medkit
2010-04-08 17:49:55 ----A---- C:\ComboFix.txt
2010-04-08 16:18:25 ----A---- C:\Boot.bak
2010-04-08 16:18:13 ----RASHD---- C:\cmdcons
2010-04-08 16:17:14 ----A---- C:\WINDOWS\zip.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWSC.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\SWREG.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\sed.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\PEV.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\MBR.exe
2010-04-08 16:17:14 ----A---- C:\WINDOWS\grep.exe
2010-04-08 16:17:05 ----D---- C:\WINDOWS\ERDNT
2010-04-08 16:16:12 ----D---- C:\Qoobox
2010-04-02 09:44:19 ----A---- C:\WINDOWS\SGDetectionTool.dll0403.old
2010-04-02 09:44:19 ----A---- C:\WINDOWS\BDTSupport.dll0403.old
2010-04-02 09:44:18 ----A---- C:\WINDOWS\PCTBDCore.dll0403.old
2010-04-02 09:41:36 ----D---- C:\Program Files\Spyware Doctor
2010-04-02 09:34:40 ----A---- C:\WINDOWS\isRS-000.tmp
2010-03-30 08:22:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-03-30 08:22:58 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-29 16:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-03-29 16:13:25 ----D---- C:\Documents and Settings\TCI\Application Data\Office Genuine Advantage
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\zh-TW
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\zh-HK
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\tr-TR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\sv-SE
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\pt-BR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\nl-NL
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\nb-NO
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\ko-KR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\it-IT
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\he-IL
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\fr-FR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\fi-FI
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\es-ES
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\el-GR
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\de-DE
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\da-DK
2010-03-29 16:00:37 ----D---- C:\WINDOWS\system32\ar-SA
2010-03-29 15:22:11 ----D---- C:\Program Files\MSECache
2010-03-29 15:17:56 ----A---- C:\Program Files\wordview_en-us.exe
2010-03-24 17:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-23 08:38:41 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-23 08:38:34 ----D---- C:\Program Files\MSBuild
2010-03-23 08:38:19 ----D---- C:\Program Files\Reference Assemblies
2010-03-23 08:37:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-23 08:37:33 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-23 08:37:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-23 08:37:33 ----D---- C:\134ca3d95850b073d76bf7ce
2010-03-19 16:14:17 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2010-03-15 17:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-24 17:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 18:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 18:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 18:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 18:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 18:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 18:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 18:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 18:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 2 months======

2010-04-09 09:25:46 ----D---- C:\WINDOWS\Prefetch
2010-04-09 09:24:59 ----D---- C:\WINDOWS\Temp
2010-04-09 09:23:39 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-04-09 09:23:33 ----A---- C:\WINDOWS\ModemLog_Verizon Wireless Phone HS (1xRTT).txt
2010-04-09 09:21:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-09 09:13:17 ----D---- C:\WINDOWS\system32
2010-04-09 08:59:30 ----A---- C:\WINDOWS\hpbafd.ini
2010-04-08 18:33:08 ----D---- C:\unzipped
2010-04-08 18:06:35 ----D---- C:\Program Files\Trend Micro
2010-04-08 18:03:10 ----SHD---- C:\WINDOWS\Installer
2010-04-08 18:03:07 ----SD---- C:\WINDOWS\Tasks
2010-04-08 18:03:04 ----RD---- C:\Program Files
2010-04-08 17:49:58 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 17:48:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-08 17:43:28 ----D---- C:\WINDOWS
2010-04-08 17:43:28 ----A---- C:\WINDOWS\system.ini
2010-04-08 16:31:12 ----D---- C:\WINDOWS\system32\config
2010-04-08 16:25:26 ----D---- C:\WINDOWS\AppPatch
2010-04-08 16:25:20 ----D---- C:\Program Files\Common Files
2010-04-08 16:18:25 ----RASH---- C:\boot.ini
2010-04-08 14:57:41 ----D---- C:\WINDOWS\system32\FxsTmp
2010-04-08 09:36:49 ----SD---- C:\Documents and Settings\TCI\Application Data\Microsoft
2010-04-07 13:42:54 ----D---- C:\Documents and Settings\TCI\Application Data\gtk-2.0
2010-04-05 13:04:24 ----D---- C:\WINDOWS\Minidump
2010-04-02 16:07:35 ----A---- C:\WINDOWS\OEWABLog.txt
2010-04-02 10:30:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-02 09:49:19 ----D---- C:\WINDOWS\WinSxS
2010-04-02 09:34:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-31 17:04:34 ----HD---- C:\WINDOWS\inf
2010-03-31 17:04:26 ----SHD---- C:\WINDOWS\system32\dllcache
2010-03-31 17:04:24 ----D---- C:\WINDOWS\system32\en-US
2010-03-31 17:04:24 ----D---- C:\Program Files\Internet Explorer
2010-03-31 17:04:13 ----D---- C:\WINDOWS\ie7updates
2010-03-31 09:35:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 16:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-29 16:02:04 ----D---- C:\Program Files\Microsoft Works
2010-03-29 15:59:38 ----RSD---- C:\WINDOWS\assembly
2010-03-29 15:58:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-29 15:56:16 ----A---- C:\WINDOWS\win.ini
2010-03-29 15:35:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-29 15:22:42 ----D---- C:\Program Files\Microsoft Office
2010-03-26 16:31:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-25 09:36:17 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-24 17:10:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 17:08:04 ----A---- C:\WINDOWS\imsins.BAK
2010-03-24 17:07:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-23 09:07:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-03-23 08:38:27 ----RSD---- C:\WINDOWS\Fonts
2010-03-23 08:37:56 ----D---- C:\WINDOWS\system32\spool
2010-03-19 16:55:30 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-03-19 16:55:16 ----D---- C:\Program Files\Roxio
2010-03-19 16:54:34 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-03-19 16:54:33 ----D---- C:\Program Files\Common Files\Sonic Shared
2010-03-19 16:25:26 ----D---- C:\WINDOWS\security
2010-03-19 16:17:08 ----D---- C:\Program Files\Research In Motion
2010-03-19 16:13:57 ----D---- C:\Program Files\Common Files\Research In Motion
2010-03-15 17:25:00 ----D---- C:\Program Files\Movie Maker
2010-03-11 06:38:54 ----N---- C:\WINDOWS\system32\wininet.dll
2010-03-11 06:38:54 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 06:38:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\msrating.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 06:38:53 ----N---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 06:38:53 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 06:38:52 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 06:38:52 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 06:38:52 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 06:38:51 ----N---- C:\WINDOWS\system32\corpol.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 06:38:51 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-10 07:18:21 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-03-10 07:18:20 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-22 23:18:28 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-07 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 catchme;catchme; \??\C:\BocomFx\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-29 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-07 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users