
PC has been compromised


2 replies to this topic

#1 siggo


Posted 16 May 2010 - 01:04 AM

I attempted to follow the malware prep guide but stalled out on step 7 when DDS would not run. I followed the threads in the forums to download and run RSIT and have posted the logs below. I have also included the initial logs for recent events from Norton Internet Security, which keeps flagging and removing local virus and blocking attacks from the internet. Any help is greatly appreciated.

My basic problem is that Norton is locating and eliminating a virus every time I boot my pc. Norton also picks up and blocks some internet attacks every time I attach to the internet. However, each time I restart my pc the virus re-appears.

thanks!


NORTON RECENT SCAN DATA:
Category: Backup
Date & Time,Severity,Activity,Status,Recommended Action,Action,Location,Media Type
5/15/2010 10:00 PM,Info,Backup performed to I:,"Canceled, Canceled",None,Backup,I:,CD/DVD Drive


Category: Firewall - Network and Connections
Date & Time,Severity,Activity,Status,Recommended Action,Subnet Identifier,Gateway Physical Address,Category,Gateway IP Address
5/15/2010 9:45 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,,
5/15/2010 9:45 PM,Info,Connected to a shared network. (00 12 17 C5 E0 D9),Trusted,No Action Required,,00 12 17 C5 E0 D9,,
5/15/2010 9:45 PM,Info,"Protecting your connection to a newly detected network on adapter \"Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport\" (IP address: 192.168.1.115).",Detected,No Action Required,,,Firewall - Activities,
5/8/2010 11:46 PM,Info,"IP address has disappeared from adapter Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport and is no longer being protected (IP address: 192.168.1.115).",Detected,No Action Required,,,Firewall - Activities,
5/8/2010 11:22 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,,
5/8/2010 11:22 PM,Info,Connected to a shared network. (00 12 17 C5 E0 D9),Trusted,No Action Required,,00 12 17 C5 E0 D9,,
5/8/2010 11:21 PM,Info,"Protecting your connection to a newly detected network on adapter \"Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport\" (IP address: 192.168.1.115).",Detected,No Action Required,,,Firewall - Activities,
5/8/2010 10:50 PM,Info,Connected to a shared network. (00 12 17 C5 E0 D9),Trusted,No Action Required,,00 12 17 C5 E0 D9,,
5/8/2010 10:50 PM,Info,Connected to a protected network. (192.168.1.1),Protected,No Action Required,,,,192.168.1.1
5/8/2010 10:50 PM,Info,"Protecting your connection to a newly detected network on adapter \"Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport\" (IP address: 192.168.1.115).",Detected,No Action Required,,,Firewall - Activities,
5/8/2010 10:50 PM,Info,Connected to a shared network. (192.168.1.0/255.255.255.0),Trusted,No Action Required,192.168.1.0/255.255.255.0,,,
5/8/2010 10:42 PM,Info,"IP address has disappeared from adapter Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport and is no longer being protected (IP address: 192.168.1.111).",Detected,No Action Required,,,Firewall - Activities,


Category: Firewall - Activities
Date & Time,Severity,Activity,Status,Recommended Action,Category,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
5/15/2010 10:04 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 10:03 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 10:01 PM,Info,Firewall configuration updated: 97 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 10:01 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,<path>C:\WINDOWS\system32\spoolsv.exe</path>,No Action Required,Automatically create rules,"192.168.1.115, 1397","Outbound TCP, Port 9100"
5/15/2010 10:01 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:59 PM,Info,"An instance of \"<path>C:\Program Files\Microsoft Office\Office12\WINWORD.EXE</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:56 PM,Info,"An instance of \"<path>C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CLTLMH.EXE</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:48 PM,Info,"An instance of \"<path>C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:47 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:47 PM,Info,"An instance of \"<path>C:\Program Files\PeerGuardian2\pg2.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:47 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\UStorSrv.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,"An instance of \"<path>C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,"An instance of \"<path>C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,"An instance of \"<path>C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:46 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\PnkBstrB.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\lsass.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\PnkBstrA.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\Program Files\iTunes\iTunesHelper.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\spoolsv.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\Program Files\Bonjour\mDNSResponder.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"Rule \"Default Block Windows File Sharing\" permitted communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/15/2010 9:45 PM,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
5/9/2010 12:12 AM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
5/9/2010 12:12 AM,Info,"An instance of \"<path>C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/9/2010 12:12 AM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/9/2010 12:12 AM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:50 PM,Info,"An instance of \"<path>E:\Mass Effect 2\Binaries\MassEffect2.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:50 PM,Info,"An instance of \"<path>E:\Mass Effect 2\MassEffect2Launcher.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:46 PM,Info,"An instance of \"<path>E:\Mass Effect 2\MassEffect2Launcher.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:38 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:38 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:35 PM,Info,Firewall configuration updated: 96 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:32 PM,Info,"An instance of \"<path>C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:24 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:23 PM,Info,"An instance of \"<path>C:\Program Files\iTunes\iTunesHelper.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:23 PM,Info,"An instance of \"<path>C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:22 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\alg.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:22 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\UStorSrv.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:22 PM,Info,"An instance of \"<path>C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:22 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:22 PM,Info,"An instance of \"<path>C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\PnkBstrB.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\lsass.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\spoolsv.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\PnkBstrA.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\Program Files\Bonjour\mDNSResponder.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"Rule \"Default Block Windows File Sharing\" permitted communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:21 PM,Info,"Rule \"Default Block Microsoft Windows 2000 SMB\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 11:19 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:58 PM,Info,Firewall rules were automatically created for .NET Runtime Optimization Service.,Protected,No Action Required,,.NET Runtime Optimization Service,<path>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</path>,No Action Required,Automatically create rules,"192.168.1.115, 3544","Outbound TCP, www-http"
5/8/2010 10:58 PM,Info,Firewall configuration updated: 98 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:57 PM,Info,Firewall configuration updated: 97 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:57 PM,Info,Firewall rules were automatically created for .NET Runtime Optimization Service.,Protected,No Action Required,,.NET Runtime Optimization Service,<path>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</path>,No Action Required,Automatically create rules,"192.168.1.115, 0","Outbound UDP, Port 53"
5/8/2010 10:57 PM,Info,"An instance of \"<path>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:57 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\msiexec.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:54 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:53 PM,Info,Firewall configuration updated: 96 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:53 PM,Info,Firewall rules were automatically created for Windows® installer.,Protected,No Action Required,,Windows® installer,<path>C:\WINDOWS\system32\msiexec.exe</path>,No Action Required,Automatically create rules,"192.168.1.115, 3491","Outbound TCP, https"
5/8/2010 10:53 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\msiexec.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:53 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\msiexec.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:53 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:53 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:50 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:50 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:47 PM,Info,"An instance of \"<path>E:\Mass Effect 2\Binaries\MassEffect2.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:47 PM,Info,"An instance of \"<path>E:\Mass Effect 2\MassEffect2Launcher.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:45 PM,Info,"An instance of \"<path>E:\Mass Effect 2\MassEffect2Launcher.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:44 PM,Info,"An instance of \"<path>C:\Program Files\DAEMON Tools Pro\DTPro.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:41 PM,Info,"An instance of \"<path>E:\Mass Effect 2\Binaries\MassEffect2.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:32 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:28 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:28 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:27 PM,Info,"An instance of \"<path>C:\Program Files\Spybot - Search & Destroy\SDFiles.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:27 PM,Info,"An instance of \"<path>C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:26 PM,Info,"An instance of \"<path>C:\Program Files\WinRAR\WinRAR.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:24 PM,Info,"An instance of \"<path>C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:23 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:22 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:21 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
5/8/2010 10:21 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,


Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
5/15/2010 9:49 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/cVr0EDYe7X6QKkS4dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPWJsZWVwaW5nJTIwY29tcHV0ZXIlMjBmb3I=06k","SIGGO-PRIME (192.168.1.115, 1066)",85.12.46.159 (85.12.46.159),"TCP, www-http",
5/15/2010 9:45 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,,Intrusion Prevention
5/15/2010 9:45 PM,Info,Intrusion Prevention is monitoring 1552 signatures. Driver version: 9.1.2.5,Detected,No Action Required,,,,,,,Intrusion Prevention
5/15/2010 9:45 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20100505.001,Detected,No Action Required,,,,,,,Intrusion Prevention
5/8/2010 11:21 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,,Intrusion Prevention
5/8/2010 11:21 PM,Info,Intrusion Prevention is monitoring 1552 signatures. Driver version: 9.1.2.5,Detected,No Action Required,,,,,,,Intrusion Prevention
5/8/2010 11:21 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20100505.001,Detected,No Action Required,,,,,,,Intrusion Prevention
5/8/2010 11:04 PM,High,"An intrusion attempt by 91.212.226.59 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,HTTPS Tidserv Request 2,"91.212.226.59, 443",,"SIGGO-PRIME (192.168.1.115, 3804)",91.212.226.59,"TCP, https",
5/8/2010 10:53 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/fzc1LRyP6B3Jozc3dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPWF0aSUyMGRyaXZl26g","SIGGO-PRIME (192.168.1.115, 3484)",85.12.46.159 (85.12.46.159),"TCP, www-http",
5/8/2010 10:34 PM,High,"An intrusion attempt by 91.212.226.59 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,HTTPS Tidserv Request 2,"91.212.226.59, 443",,"192.168.1.111, 3184",91.212.226.59,"TCP, https",
5/8/2010 10:29 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/yA30pKcp6k3jwdO3dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPW1hc3MrZWZmZWN0KzIrdjEuMStwYXRjaCtkb3dubG8=05c","192.168.1.111, 2357",85.12.46.159 (85.12.46.159),"TCP, www-http",
5/8/2010 10:28 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/QAd1S57E6V4J8to8dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPW1hc3MrZWZmZWN0KzIrdjEuMStwYXQ=07g","192.168.1.111, 2222",85.12.46.159 (85.12.46.159),"TCP, www-http",
5/8/2010 10:23 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/RAm3wbrD573QD9O7dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPWFsbCttYXNzK2VmZmVjdCsyK25vK2NkK3BhdGNoK2Z1bGwrb2Yrdmly26g","192.168.1.111, 2014",85.12.46.159 (85.12.46.159),"TCP, www-http",
5/8/2010 10:22 PM,High,"An intrusion attempt by m01n83kjf7.com was blocked. Application path <path>\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE</path>",Blocked,No Action Required,HTTP Tidserv Request,"m01n83kjf7.com (85.12.46.159, 80)","7gafd33ja90a.com/Dzx02WaP6Q6qNIc5dmVyPTMuNyZiaWQ9M2ExZWFiMTQtYjVmNC00OTJiLThmZjctZTBhNTA3NGRjNTk0JmFpZD0yMDcwMyZzaWQ9MCZyZD03LjUuMjAxMCZlbmc9c2VhcmNoLnlhaG9vLmNvbSZxPWFsbCttYXNzK2VmZmVjdCsyK25vK2NkK3BhdGNoK2Z1bGwrb2Yrdmly25c","192.168.1.111, 1976",85.12.46.159 (85.12.46.159),"TCP, www-http",


Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
5/15/2010 9:55 PM,Low,Tracking Cookies detected by Virus scanner,Quarantined,Resolved - No Action,Virus scanner,2010.05.15.019,109.2.3.12,Tracking Cookies,Cookie,File Based,Fully removed,
5/8/2010 10:24 PM,High,Auto-Protect has detected Trojan.FakeAV,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.05.08.019,,,Virus,,,c:\documents and settings\killgore\local settings\temp\0.5969618411543802.exe
5/8/2010 10:21 PM,High,Auto-Protect has detected Trojan.Gen,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.05.08.019,,,Virus,,,c:\documents and settings\killgore\desktop\downloads\mass effect 2 crack patcher + keygen\mass effect 2 crack patcher.exe


Category: Scan Results
Date & Time,Severity,Activity,Status,Task Name,Scan Time,Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Cookie,Total Security Risks Resolved,Cookie Resolved,Total Security Risks Requiring Attention
5/15/2010 10:12 PM,Info,Full System Scan results,Aborted,Full System Scan,0:00:21:23 (d:h:m:s),"73,562","66,147",486,"5,377","1,546",6,172,309,1,1,1,1,0
5/15/2010 9:56 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:54 (d:h:m:s),"6,086","1,123",309,"4,504",36,114,166,872,0,,0,,0
5/15/2010 9:50 PM,Info,Quick Scan results,Aborted,Quick Scan,0:00:01:18 (d:h:m:s),"1,794",394,0,"1,400",0,0,79,0,0,,0,,0
5/15/2010 9:50 PM,Info,Full System Scan results,Aborted,Full System Scan,0:00:00:10 (d:h:m:s),"1,553",332,0,"1,221",0,0,69,246,0,,0,,0


Category: System Activity Monitoring
Date & Time,Severity,Activity,Status,Recommended Action,Program,Last Updated,Affected Area,Modified resource
5/15/2010 10:07 PM,Low,"defogger.exe made 2 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\desktop\virus\defogger.exe,"Saturday, May 15, 2010 10:07 PM",System Configuration,"\REGISTRY\USER\S-1-5-21-1844237615-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\DAEMON Tools Pro Agent, \REGISTRY\USER\S-1-5-21-1844237615-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\AlcoholAutomount"
5/8/2010 11:42 PM,Low,"glb15.tmp made 7 modifications to your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\local settings\temp\glb15.tmp,"Saturday, May 08, 2010 11:42 PM",System Configuration,"c:\documents and settings\killgore\local settings\temp\glc16.tmp, c:\documents and settings\killgore\local settings\temp\glm17.tmp, c:\documents and settings\killgore\local settings\temp\glf1a.tmp\seatoolsforwindows.exe, c:\documents and settings\killgore\local settings\temp\glf1a.tmp\wiseprereq.dll, c:\documents and settings\killgore\local settings\temp\glf1a.tmp\wiseprereq.exe, c:\documents and settings\killgore\local settings\temp\glf1a.tmp\filepath1\vcredist_x86.exe, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5B5B278F-BA85-4F6A-AAC9-5F75D5946F6E}"
5/8/2010 11:41 PM,Low,"seatoolsforwindows.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\local settings\temp\glf1a.tmp\seatoolsforwindows.exe,"Saturday, May 08, 2010 11:41 PM",System Configuration,c:\program files\common files\wise installation wizard\wis98613c991399416ca07c1ee1c585d872_1_2_0_1.msi
5/8/2010 11:40 PM,Low,"seatoolsforwindowssetup-1201.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\desktop\key items\downloads\drivers\hard drive\seatoolsforwindowssetup-1201.exe,"Saturday, May 08, 2010 11:40 PM",System Configuration,c:\documents and settings\killgore\local settings\temp\glb15.tmp
5/8/2010 11:16 PM,Low,"cccinstall.exe made 22 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\program files\ati technologies\ati.ace\core-static\cccinstall.exe,"Saturday, May 08, 2010 11:16 PM",System Configuration,"c:\windows\assembly\gac_msil\cli.aib.tutorialinfocentre.tutorial.dashboard\1.2.2600.29179__90ba9c70f846762e\cli.aib.tutorialinfocentre.tutorial.dashboard.dll, c:\windows\assembly\gac_msil\aem.server\2.0.3748.36822__90ba9c70f846762e\aem.server.dll, c:\windows\assembly\gac_msil\apm.server\2.0.3748.36823__90ba9c70f846762e\apm.server.dll, c:\windows\assembly\gac_msil\aem.ui\2.0.3748.36922__90ba9c70f846762e\aem.ui.dll, c:\windows\assembly\gac_msil\aticccom\2.0.0.0__90ba9c70f846762e\aticccom.dll, c:\windows\assembly\gac_msil\ccc.implementation\2.0.3748.36923__90ba9c70f846762e\ccc.implementation.dll, c:\windows\assembly\gac_msil\cli.aspect.customformatselection.graphics.dashboard.shared.private\2.0.3748.36866__90ba9c70f846762e\cli.aspect.customformatselection.graphics.dashboard.shared.private.dll, c:\windows\assembly\gac_msil\cli.caste.graphics.runtime.shared.private\2.0.3748.36849__90ba9c70f846762e\cli.caste.graphics.runtime.shared.private.dll, c:\windows\assembly\gac_msil\cli.component.autoremoval\2.0.3748.36907__90ba9c70f846762e\cli.component.autoremoval.dll, c:\windows\assembly\gac_msil\cli.component.client.shared.private\2.0.3748.36830__90ba9c70f846762e\cli.component.client.shared.private.dll, c:\windows\assembly\gac_msil\cli.component.dashboard\2.0.3748.36832__90ba9c70f846762e\cli.component.dashboard.dll, c:\windows\assembly\gac_msil\cli.component.dashboard.hotkeymanager\2.0.3748.36865__90ba9c70f846762e\cli.component.dashboard.hotkeymanager.dll, c:\windows\assembly\gac_msil\cli.component.dashboard.hotkeymanager.resources\2.0.3748.36865__90ba9c70f846762e\cli.component.dashboard.hotkeymanager.resources.dll, 
c:\windows\assembly\gac_msil\cli.component.dashboard.profilemanager\2.0.3748.36866__90ba9c70f846762e\cli.component.dashboard.profilemanager.dll, c:\windows\assembly\gac_msil\cli.component.dashboard.profilemanager.resources\2.0.3748.36866__90ba9c70f846762e\cli.component.dashboard.profilemanager.resources.dll, c:\windows\assembly\gac_msil\cli.component.dashboard.shared.private\2.0.3748.36831__90ba9c70f846762e\cli.component.dashboard.shared.private.dll, c:\windows\assembly\gac_msil\cli.component.eeu\2.0.3748.36903__90ba9c70f846762e\cli.component.eeu.dll, c:\windows\assembly\gac_msil\cli.component.erecord\2.0.3748.36860__90ba9c70f846762e\cli.component.erecord.dll, c:\windows\assembly\gac_msil\cli.component.help\2.0.3748.36920__90ba9c70f846762e\cli.component.help.dll, c:\windows\assembly\gac_msil\cli.component.icomponent\2.0.3748.36849__90ba9c70f846762e\cli.component.icomponent.dll, c:\windows\assembly\gac_msil\cli.component.load\2.0.3748.36921__90ba9c70f846762e\cli.component.load.dll, c:\windows\assembly\gac_msil\cli.component.launchpad\2.0.3748.36941__90ba9c70f846762e\cli.component.launchpad.dll"
5/8/2010 11:15 PM,Low,"set1d0.tmp made 5 modifications to your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\local settings\temp\set1d0.tmp,"Saturday, May 08, 2010 11:15 PM",System Configuration,"c:\documents and settings\killgore\local settings\temp\isp1d2.tmp\_setup.dll, c:\documents and settings\killgore\local settings\temp\{10a5db9d-8efe-4611-8832-7722de8a296c}\{055ee59d-217b-43a7-abff-507b966405d8}\isrt.dll, c:\documents and settings\killgore\local settings\temp\{10a5db9d-8efe-4611-8832-7722de8a296c}\{055ee59d-217b-43a7-abff-507b966405d8}\_isres.dll, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{055EE59D-217B-43A7-ABFF-507B966405D8}\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{055EE59D-217B-43A7-ABFF-507B966405D8}\UninstallString"
5/8/2010 11:06 PM,Low,"installmanagerapp.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\ati\support\10-4_xp32_dd_ccc_wdm_enu\bin\installmanagerapp.exe,"Saturday, May 08, 2010 11:06 PM",System Configuration,c:\windows\system32\drvstore\cx_98765_961bd920012c5f1d746167641c7e29fb53cae123\b_98282\atiiiexx.dll
5/8/2010 11:03 PM,Low,"10-4_xp32_dd_ccc_wdm_enu.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\documents and settings\killgore\desktop\key items\downloads\drivers\video\10-4_xp32_dd_ccc_wdm_enu.exe,"Saturday, May 08, 2010 11:03 PM",System Configuration,c:\documents and settings\killgore\local settings\temp\nsv16e.tmp\system.dll
5/8/2010 10:28 PM,Low,"7zfm.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\program files\7-zip\7zfm.exe,"Saturday, May 08, 2010 10:28 PM",System Configuration,c:\documents and settings\killgore\desktop\downloads\masseffect2.exe


Category: Identity
Date & Time,Severity,Activity,Status,Recommended Action
5/15/2010 9:48 PM,Info,Antiphishing definitions version 20100516.002 downloaded,Detected,No Action Required
5/8/2010 10:39 PM,Info,Using Antiphishing definitions version 20100509.002,Detected,No Action Required


Category: Tuneup
Date & Time,Severity,Activity,Status,Submitted By,Result
5/15/2010 10:13 PM,Info,Internet Explorer Temporary Files,Canceled,Tuneup,Fixed: 854
5/15/2010 9:51 PM,Info,Internet Explorer Temporary Files,Canceled,Tuneup,Fixed: 1382


Category: Silent Mode
Date & Time,Severity,Activity,Status,Recommended Action
5/9/2010 12:11 AM,Info,Light Silent Mode turned off.,Completed,No Action Required
5/8/2010 11:50 PM,Info,Light Silent Mode turned on.,Completed,No Action Required
5/8/2010 10:49 PM,Info,Light Silent Mode turned off.,Completed,No Action Required
5/8/2010 10:47 PM,Info,Light Silent Mode turned on.,Completed,No Action Required
5/8/2010 10:43 PM,Info,Light Silent Mode turned off.,Completed,No Action Required
5/8/2010 10:41 PM,Info,Light Silent Mode turned on.,Completed,No Action Required


Category: Norton Product Tamper Protection
Date & Time,Severity,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
5/15/2010 9:49 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Saturday, May 15, 2010 9:49 PM",c:\windows\explorer.exe,1936,C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe,3412,Send Terminate Message to Window,Unauthorized access blocked
5/8/2010 11:17 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Saturday, May 08, 2010 11:17 PM",c:\windows\explorer.exe,3280,C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe,2948,Send Terminate Message to Window,Unauthorized access blocked
5/8/2010 10:21 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Saturday, May 08, 2010 10:21 PM",c:\windows\explorer.exe,3280,C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe,2948,Open Process Token,Unauthorized access blocked


RSIT DATA:

info.txt logfile of random's system information tool 1.06 2010-05-15 22:50:28

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A8392AA2-3E6A-4DB5-B8EE-42DA53A16451}
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Active@ Partition Recovery Enterprise-->"C:\Program Files\Active Data Recovery Software\Active Partition Recovery\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active Partition Recovery\INSTALL.LOG"
Active@ Partition Recovery-->"C:\Program Files\InstallShield Installation Information\{B705AA09-2E48-4095-904C-F6CE8B97DEF6}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Avery Wizard 3.1-->MsiExec.exe /I{F19F7B24-AAD4-4236-8475-5335483DA676}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{65C49E8C-2F21-4A3E-9399-EE18B7833F65}
Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMI Browse-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\DMI Browser\Uninst.isu"
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
DualCoreCenter-->"C:\Program Files\MSI\DualCoreCenter\unins000.exe"
DVDFab 6.2.0.5 (11/11/2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
Easy CD & DVD Creator 6-->MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x9
Garmin City Navigator North America NT v8-->MsiExec.exe /X{5301C483-40FB-4F94-B56E-D7D5A114D2F6}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Garmin WebUpdater-->MsiExec.exe /X{E0783143-EAE2-4047-A8D6-E155523C594C}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HDD Regenerator-->MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
hp officejet d series-->MsiExec.exe /X{C0B88772-EACC-4F69-9F77-59A4894CF170}
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
InfoView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
i-Speeder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
MapSource - US Topo v3.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD4203ED-7683-435E-B436-C299773A9936}\setup.exe" -l0x9 AddRemove
Mass Effect 2-->"C:\Program Files\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:04:03 AM

Posted 16 May 2010 - 01:21 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:03 PM

Posted 24 May 2010 - 01:37 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.



