
Yet another REDIRECT virus =\


This topic is locked
13 replies to this topic

#1 Da64u

  • Members
  • 7 posts

Posted 28 May 2010 - 12:36 AM

Hey, I have seen this site before but have usually been able to fix problems without posting. I have recently become overwhelmed with redirects, mostly from clicking Google links, but it appears that Malwarebytes is blocking attempts when just viewing some pages. I have had fake antivirus messages pop up before, but I usually just end the task, delete the start-up entry and do a system restore, and that keeps them gone for a while, but they always come back. I could really use some help in fixing these problems =] I have done a full scan with Malwarebytes and Spybot S&D. I would really not like to waste anyone's time, so I will post as many logs as I can to avoid wasting time. I really hope it doesn't come off as disrespectful, I'm just trying to save time.


Thanks SO much! =]


Index:

1: Malwarebytes PROTECTION Log
2: DDS logfile.
3: GMER logfile
4: Malware Bytes logfile
5: RSIT Logfile


1: Malwarebytes PROTECTION Log

13:14:24 Bobby MESSAGE Protection started successfully
13:14:31 Bobby MESSAGE IP Protection started successfully
13:23:20 Bobby IP-BLOCK 85.12.46.159
13:23:23 Bobby IP-BLOCK 85.12.46.159
13:23:29 Bobby IP-BLOCK 85.12.46.159
13:23:41 Bobby IP-BLOCK 85.12.46.159
13:23:44 Bobby IP-BLOCK 85.12.46.159
13:23:50 Bobby IP-BLOCK 85.12.46.159
13:24:02 Bobby IP-BLOCK 85.12.46.159
13:24:05 Bobby IP-BLOCK 85.12.46.159
13:24:11 Bobby IP-BLOCK 85.12.46.159
13:24:23 Bobby IP-BLOCK 85.12.46.158
13:24:26 Bobby IP-BLOCK 85.12.46.158
13:24:32 Bobby IP-BLOCK 85.12.46.158
13:24:44 Bobby IP-BLOCK 85.12.46.159
13:24:47 Bobby IP-BLOCK 85.12.46.159
13:24:53 Bobby IP-BLOCK 85.12.46.159
13:25:05 Bobby IP-BLOCK 85.12.46.158
13:25:08 Bobby IP-BLOCK 85.12.46.158
13:25:14 Bobby IP-BLOCK 85.12.46.158
13:25:26 Bobby IP-BLOCK 85.12.46.158
13:25:29 Bobby IP-BLOCK 85.12.46.158
13:25:35 Bobby IP-BLOCK 85.12.46.158
13:25:47 Bobby IP-BLOCK 91.212.226.178
13:25:50 Bobby IP-BLOCK 91.212.226.178
13:25:56 Bobby IP-BLOCK 91.212.226.178
13:26:08 Bobby IP-BLOCK 85.12.46.158
13:26:08 Bobby IP-BLOCK 91.212.226.178
13:26:11 Bobby IP-BLOCK 85.12.46.158
13:26:11 Bobby IP-BLOCK 91.212.226.178
13:26:17 Bobby IP-BLOCK 85.12.46.158
13:27:31 Bobby IP-BLOCK 78.26.187.170
13:27:33 Bobby IP-BLOCK 64.111.196.126
13:27:34 Bobby IP-BLOCK 78.26.187.170
13:27:38 Bobby IP-BLOCK 64.111.196.126
13:27:40 Bobby IP-BLOCK 78.26.187.170
13:27:47 Bobby IP-BLOCK 85.12.46.159
13:27:48 Bobby IP-BLOCK 64.111.196.126
13:27:49 Bobby IP-BLOCK 208.87.33.151
13:27:50 Bobby IP-BLOCK 85.12.46.159
13:27:52 Bobby IP-BLOCK 208.87.33.151
13:27:56 Bobby IP-BLOCK 85.12.46.159
13:27:58 Bobby IP-BLOCK 208.87.33.151
13:27:59 Bobby IP-BLOCK 208.87.33.151
13:28:02 Bobby IP-BLOCK 208.87.33.151
13:28:08 Bobby IP-BLOCK 85.12.46.158
13:28:08 Bobby IP-BLOCK 64.111.196.126
13:28:08 Bobby IP-BLOCK 208.87.33.151
13:28:11 Bobby IP-BLOCK 85.12.46.158
13:28:17 Bobby IP-BLOCK 85.12.46.158
13:28:29 Bobby IP-BLOCK 91.212.226.178
13:28:32 Bobby IP-BLOCK 91.212.226.178
13:28:38 Bobby IP-BLOCK 91.212.226.178
13:28:48 Bobby IP-BLOCK 64.111.196.126
13:28:50 Bobby IP-BLOCK 91.212.226.130
13:28:53 Bobby IP-BLOCK 91.212.226.130
13:28:59 Bobby IP-BLOCK 91.212.226.130
13:29:11 Bobby IP-BLOCK 85.12.46.159
13:29:14 Bobby IP-BLOCK 85.12.46.159
13:29:20 Bobby IP-BLOCK 85.12.46.159
13:36:05 Bobby IP-BLOCK 85.12.46.159
13:36:08 Bobby IP-BLOCK 85.12.46.159
13:36:14 Bobby IP-BLOCK 85.12.46.159
13:36:26 Bobby IP-BLOCK 85.12.46.158
13:36:29 Bobby IP-BLOCK 85.12.46.158
13:36:35 Bobby IP-BLOCK 85.12.46.158
13:36:47 Bobby IP-BLOCK 91.212.226.178
13:36:50 Bobby IP-BLOCK 91.212.226.178
13:36:56 Bobby IP-BLOCK 91.212.226.178
13:37:08 Bobby IP-BLOCK 91.212.226.130
13:37:11 Bobby IP-BLOCK 91.212.226.130
13:37:17 Bobby IP-BLOCK 91.212.226.130
13:37:29 Bobby IP-BLOCK 85.12.46.159
13:37:32 Bobby IP-BLOCK 85.12.46.159
13:38:04 Bobby DETECTION C:\WINDOWS\system32\dllcache\beep.sys Fake.Beep.sys QUARANTINE
13:38:04 Bobby DETECTION C:\WINDOWS\system32\dllcache\beep.sys Fake.Beep.sys DENY
13:38:05 Bobby ERROR Quarantine failed: UtilityReadFile failed with error code 2
13:39:21 Bobby DETECTION C:\WINDOWS\system32\dllcache\cdrom.sys Trojan.Patched QUARANTINE
13:39:21 Bobby DETECTION C:\WINDOWS\system32\dllcache\cdrom.sys Trojan.Patched DENY
13:39:22 Bobby ERROR Quarantine failed: UtilityReadFile failed with error code 2
13:39:34 Bobby IP-BLOCK 85.12.46.159
13:39:37 Bobby IP-BLOCK 85.12.46.159
13:39:43 Bobby IP-BLOCK 85.12.46.159
13:39:55 Bobby IP-BLOCK 85.12.46.158
13:39:58 Bobby IP-BLOCK 85.12.46.158
13:40:04 Bobby IP-BLOCK 85.12.46.158
13:40:16 Bobby IP-BLOCK 91.212.226.178
13:40:19 Bobby IP-BLOCK 91.212.226.178
13:40:25 Bobby IP-BLOCK 91.212.226.178
13:40:37 Bobby IP-BLOCK 91.212.226.130
13:40:40 Bobby IP-BLOCK 91.212.226.130
13:40:46 Bobby IP-BLOCK 91.212.226.130
13:40:58 Bobby IP-BLOCK 85.12.46.159
13:41:01 Bobby IP-BLOCK 85.12.46.159
13:41:07 Bobby IP-BLOCK 85.12.46.159
13:41:19 Bobby IP-BLOCK 85.12.46.159
13:41:22 Bobby IP-BLOCK 85.12.46.159
13:41:28 Bobby IP-BLOCK 85.12.46.159
13:41:40 Bobby IP-BLOCK 85.12.46.158
13:41:42 Bobby IP-BLOCK 85.12.46.159
13:41:43 Bobby IP-BLOCK 85.12.46.158
13:41:45 Bobby IP-BLOCK 85.12.46.159
13:41:49 Bobby IP-BLOCK 85.12.46.158
13:41:51 Bobby IP-BLOCK 85.12.46.159
13:42:01 Bobby IP-BLOCK 91.212.226.178
13:42:03 Bobby IP-BLOCK 85.12.46.158
13:42:04 Bobby IP-BLOCK 91.212.226.178
13:42:06 Bobby IP-BLOCK 85.12.46.158
13:42:10 Bobby IP-BLOCK 91.212.226.178
13:42:12 Bobby IP-BLOCK 85.12.46.158
13:42:22 Bobby IP-BLOCK 91.212.226.130
13:42:24 Bobby IP-BLOCK 91.212.226.178
13:42:25 Bobby IP-BLOCK 91.212.226.130
13:42:27 Bobby IP-BLOCK 91.212.226.178
13:42:31 Bobby IP-BLOCK 91.212.226.130
13:42:33 Bobby IP-BLOCK 91.212.226.178
13:42:43 Bobby IP-BLOCK 85.12.46.159
13:42:45 Bobby IP-BLOCK 91.212.226.130
13:42:46 Bobby IP-BLOCK 85.12.46.159
13:42:48 Bobby IP-BLOCK 91.212.226.130
13:42:52 Bobby IP-BLOCK 85.12.46.159
13:42:54 Bobby IP-BLOCK 91.212.226.130
13:43:06 Bobby IP-BLOCK 85.12.46.159
13:43:09 Bobby IP-BLOCK 85.12.46.159
13:43:15 Bobby IP-BLOCK 85.12.46.159
13:45:07 Bobby IP-BLOCK 94.228.209.200
13:45:10 Bobby IP-BLOCK 94.228.209.200
13:45:16 Bobby IP-BLOCK 94.228.209.200
13:51:38 Bobby IP-BLOCK 85.12.46.159
13:51:41 Bobby IP-BLOCK 85.12.46.159
13:51:47 Bobby IP-BLOCK 85.12.46.159
13:51:59 Bobby IP-BLOCK 85.12.46.159
13:52:02 Bobby IP-BLOCK 85.12.46.159
13:52:08 Bobby IP-BLOCK 85.12.46.159
13:52:20 Bobby IP-BLOCK 85.12.46.158
13:52:23 Bobby IP-BLOCK 85.12.46.158
13:52:29 Bobby IP-BLOCK 85.12.46.158
13:52:41 Bobby IP-BLOCK 85.12.46.158
13:52:44 Bobby IP-BLOCK 85.12.46.158
13:52:51 Bobby IP-BLOCK 85.12.46.158
13:53:03 Bobby IP-BLOCK 91.212.226.178
13:53:06 Bobby IP-BLOCK 91.212.226.178
13:53:12 Bobby IP-BLOCK 91.212.226.178
13:53:24 Bobby IP-BLOCK 91.212.226.178
13:53:27 Bobby IP-BLOCK 91.212.226.178
13:53:33 Bobby IP-BLOCK 91.212.226.178
13:53:45 Bobby IP-BLOCK 85.12.46.159
13:53:48 Bobby IP-BLOCK 85.12.46.159
13:53:54 Bobby IP-BLOCK 85.12.46.159
13:54:06 Bobby IP-BLOCK 91.212.226.130
13:54:09 Bobby IP-BLOCK 91.212.226.130
13:54:15 Bobby IP-BLOCK 91.212.226.130
13:54:27 Bobby IP-BLOCK 91.212.226.130
13:54:30 Bobby IP-BLOCK 91.212.226.130
13:54:36 Bobby IP-BLOCK 91.212.226.130
13:54:48 Bobby IP-BLOCK 85.12.46.158
13:54:51 Bobby IP-BLOCK 85.12.46.158
13:54:57 Bobby IP-BLOCK 85.12.46.158
13:55:09 Bobby IP-BLOCK 85.12.46.159
13:55:12 Bobby IP-BLOCK 85.12.46.159
13:55:18 Bobby IP-BLOCK 85.12.46.159
13:55:30 Bobby IP-BLOCK 85.12.46.159
13:55:33 Bobby IP-BLOCK 85.12.46.159
13:55:39 Bobby IP-BLOCK 85.12.46.159
13:55:51 Bobby IP-BLOCK 91.212.226.178
13:55:54 Bobby IP-BLOCK 91.212.226.178
13:56:00 Bobby IP-BLOCK 91.212.226.178
13:56:12 Bobby IP-BLOCK 85.12.46.159
13:56:15 Bobby IP-BLOCK 85.12.46.159
13:56:21 Bobby IP-BLOCK 85.12.46.159
13:56:33 Bobby IP-BLOCK 91.212.226.130
13:56:36 Bobby IP-BLOCK 91.212.226.130
13:56:42 Bobby IP-BLOCK 91.212.226.130
13:56:54 Bobby IP-BLOCK 85.12.46.158
13:56:57 Bobby IP-BLOCK 85.12.46.158
13:57:03 Bobby IP-BLOCK 85.12.46.158
13:57:15 Bobby IP-BLOCK 85.12.46.159
13:57:18 Bobby IP-BLOCK 85.12.46.159
13:57:24 Bobby IP-BLOCK 85.12.46.159
13:57:36 Bobby IP-BLOCK 91.212.226.178
13:57:39 Bobby IP-BLOCK 91.212.226.178
13:57:45 Bobby IP-BLOCK 91.212.226.178
13:57:57 Bobby IP-BLOCK 91.212.226.130
13:58:00 Bobby IP-BLOCK 91.212.226.130
13:58:06 Bobby IP-BLOCK 91.212.226.130
13:58:18 Bobby IP-BLOCK 85.12.46.159
13:58:21 Bobby IP-BLOCK 85.12.46.159
13:58:27 Bobby IP-BLOCK 85.12.46.159
14:01:28 Bobby IP-BLOCK 94.228.209.200
14:01:31 Bobby IP-BLOCK 94.228.209.200
14:01:37 Bobby IP-BLOCK 94.228.209.200
14:01:57 Bobby IP-BLOCK 91.212.226.67
14:02:00 Bobby IP-BLOCK 91.212.226.67
14:02:06 Bobby IP-BLOCK 91.212.226.67
14:06:12 Bobby DETECTION C:\WINDOWS\system32\dllcache\setup.exe Trojan.Dropper QUARANTINE
14:06:12 Bobby DETECTION C:\WINDOWS\system32\dllcache\setup.exe Trojan.Dropper DENY
14:06:13 Bobby ERROR Quarantine failed: UtilityReadFile failed with error code 2
14:06:26 Bobby IP-BLOCK 85.12.46.159
14:06:29 Bobby IP-BLOCK 85.12.46.159
14:06:35 Bobby IP-BLOCK 85.12.46.159
14:06:47 Bobby IP-BLOCK 85.12.46.158
14:06:50 Bobby IP-BLOCK 85.12.46.158
14:06:56 Bobby IP-BLOCK 85.12.46.158
14:07:08 Bobby IP-BLOCK 91.212.226.178
14:07:11 Bobby IP-BLOCK 91.212.226.178
14:07:17 Bobby IP-BLOCK 91.212.226.178
14:07:29 Bobby IP-BLOCK 91.212.226.130
14:07:32 Bobby IP-BLOCK 91.212.226.130
14:07:38 Bobby IP-BLOCK 91.212.226.130
14:07:50 Bobby IP-BLOCK 85.12.46.159
14:07:53 Bobby IP-BLOCK 85.12.46.159
14:07:59 Bobby IP-BLOCK 85.12.46.159
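As an added triage aid that is not part of Da64u's post: a small Python script that reads lines in the Malwarebytes 1.x protection-log layout shown above ("HH:MM:SS user KIND payload"), counts IP-BLOCK events per address, flags addresses hit repeatedly within a short window (the 3 s / 6 s / 12 s cadence in the log above is the kind of pattern a blocked process retrying an outbound connection tends to produce), and pairs each "Quarantine failed" error with the DETECTION it follows, translating the Win32 error code (code 2 is ERROR_FILE_NOT_FOUND). The sample lines are a constructed fixture in the same format, not the full log; the function names and the repeat thresholds are my own choices.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Malwarebytes 1.x protection-log layout ("HH:MM:SS <user> <KIND> <payload>").
# It is a short fixture in the same format as the log above, not the poster's full log.
SAMPLE_LOG = r"""
13:14:24 Bobby MESSAGE Protection started successfully
13:14:31 Bobby MESSAGE IP Protection started successfully
13:23:20 Bobby IP-BLOCK 85.12.46.159
13:23:23 Bobby IP-BLOCK 85.12.46.159
13:23:29 Bobby IP-BLOCK 85.12.46.159
13:23:41 Bobby IP-BLOCK 85.12.46.159
13:23:44 Bobby IP-BLOCK 85.12.46.159
13:23:50 Bobby IP-BLOCK 85.12.46.159
13:25:47 Bobby IP-BLOCK 91.212.226.178
13:25:50 Bobby IP-BLOCK 91.212.226.178
13:25:56 Bobby IP-BLOCK 91.212.226.178
13:27:31 Bobby IP-BLOCK 78.26.187.170
13:38:04 Bobby DETECTION C:\WINDOWS\system32\dllcache\beep.sys Fake.Beep.sys QUARANTINE
13:38:04 Bobby DETECTION C:\WINDOWS\system32\dllcache\beep.sys Fake.Beep.sys DENY
13:38:05 Bobby ERROR Quarantine failed: UtilityReadFile failed with error code 2
14:06:12 Bobby DETECTION C:\WINDOWS\system32\dllcache\setup.exe Trojan.Dropper DENY
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+([A-Z-]+)\s+(.*)$")
# A path may contain spaces, so anchor on the trailing "<name> <action>" pair and take the rest as path.
DETECTION_RE = re.compile(r"^(.+?)\s+(\S+)\s+(QUARANTINE|DENY)$")
ERROR_CODE_RE = re.compile(r"error code (\d+)")

# Win32 error codes that appear in "UtilityReadFile failed" messages.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
                5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION"}


def parse_log(text):
    """Return a list of (time, user, kind, payload) tuples; lines that do not fit the layout are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        t = datetime.strptime(m.group(1), "%H:%M:%S")
        events.append((t, m.group(2), m.group(3), m.group(4)))
    return events


def summarize(events, repeat_min=3, repeat_window=60):
    """Count blocks per IP, flag IPs blocked repeatedly within repeat_window seconds,
    and attach each 'Quarantine failed' error to the DETECTION it follows."""
    blocks = Counter()
    times = defaultdict(list)
    detections = {}
    last_detection = None

    for t, _user, kind, payload in events:
        if kind == "IP-BLOCK":
            blocks[payload] += 1
            times[payload].append(t)
        elif kind == "DETECTION":
            m = DETECTION_RE.match(payload)
            if not m:
                continue
            path, name, action = m.groups()
            d = detections.setdefault(path, {"name": name, "actions": set(),
                                             "quarantine_failed": False, "error_name": None})
            d["actions"].add(action)
            last_detection = path
        elif kind == "ERROR" and payload.startswith("Quarantine failed") and last_detection:
            d = detections[last_detection]
            d["quarantine_failed"] = True
            m = ERROR_CODE_RE.search(payload)
            if m:
                code = int(m.group(1))
                d["error_name"] = WIN32_ERRORS.get(code, f"WIN32_ERROR_{code}")

    repeat_blockers = {}
    for ip, ts in times.items():
        gaps = []
        for a, b in zip(ts, ts[1:]):
            delta = b - a
            if delta < timedelta(0):          # log crossed midnight
                delta += timedelta(days=1)
            gaps.append(int(delta.total_seconds()))
        if len(ts) >= repeat_min and gaps and max(gaps) <= repeat_window:
            repeat_blockers[ip] = {"count": len(ts), "min_gap": min(gaps), "max_gap": max(gaps)}

    return {"blocks": dict(blocks), "repeat_blockers": repeat_blockers, "detections": detections}


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    for ip, n in sorted(s["blocks"].items(), key=lambda kv: -kv[1]):
        tag = " (repeat attempts)" if ip in s["repeat_blockers"] else ""
        print(f"{ip:16} blocked {n} time(s){tag}")
    for path, d in s["detections"].items():
        status = f"quarantine FAILED ({d['error_name']})" if d["quarantine_failed"] else "handled"
        print(f"{d['name']:16} {path} -> {status}")
```

Run it against a saved copy of the full protection log by replacing SAMPLE_LOG with the file contents. The repeat-attempt flag is deliberately simple (at least three blocks, every gap under a minute); the point is to separate a handful of one-off blocks from an address something on the host keeps trying to reach, and to make a failed quarantine visible rather than buried among hundreds of IP-BLOCK lines.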

2: DDS logfile

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bobby at 15:08:41.21 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1532 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bobby\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [CursorXP] "c:\program files\cursorxp\CursorXP.exe" -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\bobby\startm~1\programs\startup\digsby.lnk - c:\documents and settings\bobby\local settings\application data\digsby\app\digsby.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\bobby\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {D542AEF8-992B-4FBA-A21A-00C46D344652} = 68.87.74.166,68.87.68.166
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bobby\applic~1\mozilla\firefox\profiles\az47jzth.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - component: c:\documents and settings\bobby\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-24 304464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2010-4-21 37376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-24 20952]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-27 18:19:24 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-27 18:19:18 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-27 18:19:17 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-27 18:19:11 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-27 18:19:06 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-27 18:18:57 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-27 18:18:56 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-05-27 18:18:50 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-27 18:18:48 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-05-27 18:18:43 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-27 18:18:41 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-05-27 18:18:38 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-05-27 18:18:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-05-27 18:18:01 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-05-27 18:17:55 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-05-27 18:17:41 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-05-27 18:17:29 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-05-27 18:17:23 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-05-27 18:17:21 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-27 18:17:21 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-27 18:17:14 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-05-27 18:17:12 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-05-27 18:17:10 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-05-27 18:17:05 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-05-27 18:17:00 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-05-27 18:15:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-27 18:15:48 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-05-27 18:15:42 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-05-27 18:15:36 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-05-27 18:15:31 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-05-27 18:15:24 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-05-27 18:15:18 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-27 18:15:13 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2010-05-27 18:15:07 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-05-27 18:15:05 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-05-27 18:15:03 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-27 18:15:02 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-27 18:15:00 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-27 18:14:56 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2010-05-27 18:14:47 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-05-27 18:14:42 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-05-27 18:14:37 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-05-27 18:14:32 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-05-27 18:14:26 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-05-27 18:14:21 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-05-27 18:14:16 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-05-27 18:14:11 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-05-27 18:14:05 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-05-27 18:14:00 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-05-27 18:13:54 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-05-27 18:13:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-05-27 18:13:47 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-05-27 18:13:37 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-27 18:13:32 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2010-05-27 18:13:27 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-05-27 18:13:21 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2010-05-27 18:13:16 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-05-27 18:13:10 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-05-27 18:13:05 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2010-05-27 18:11:59 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-27 18:11:54 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-05-27 18:11:54 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-05-27 18:11:52 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-05-27 18:11:45 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-05-27 18:11:37 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-05-27 18:11:32 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-05-27 18:11:27 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-05-27 18:11:18 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-05-27 18:11:13 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-05-27 18:11:08 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-05-27 18:11:03 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-05-27 18:10:58 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2010-05-27 18:10:53 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-05-27 18:10:48 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-05-27 18:10:43 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-05-27 18:10:38 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-05-27 18:10:33 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-05-27 18:10:28 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-05-27 18:10:25 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-27 18:10:19 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-27 18:10:14 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-05-27 18:10:09 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2010-05-27 18:10:03 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-05-27 18:09:54 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-05-27 18:09:48 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-05-27 18:09:48 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-05-27 18:09:40 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-05-27 18:09:32 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-05-27 18:09:27 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-05-27 18:09:22 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-05-27 18:09:16 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-05-27 18:09:12 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-05-27 18:09:07 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-05-27 18:09:01 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-05-27 18:07:59 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-05-27 18:06:58 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-05-27 18:06:53 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-05-27 18:06:48 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-05-27 18:06:48 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-05-27 18:06:33 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-05-27 18:06:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-05-27 18:06:24 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-05-27 18:06:19 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-05-27 18:06:14 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-05-27 18:06:00 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-05-27 18:04:58 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-05-27 18:03:56 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-05-27 18:03:51 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-05-27 18:03:47 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-05-27 18:03:40 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-27 18:03:35 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-05-27 18:03:29 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2010-05-27 18:03:23 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-05-27 18:03:17 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-05-27 18:03:15 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2010-05-27 18:03:14 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-05-27 18:03:01 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-05-27 18:01:58 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-05-27 18:00:58 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2010-05-27 17:59:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2010-05-27 17:58:59 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-05-27 17:58:55 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-05-27 17:58:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2010-05-27 17:58:45 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-05-27 17:58:40 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-05-27 17:58:27 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-05-27 17:58:23 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-05-27 17:58:10 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-05-27 17:58:10 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-05-27 17:58:04 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-05-27 17:58:00 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-05-27 17:56:56 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2010-05-27 17:56:52 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-05-27 17:56:47 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-05-27 17:56:43 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2010-05-27 17:56:39 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-05-27 17:56:34 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2010-05-27 17:56:30 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-05-27 17:56:26 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-05-27 17:56:22 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-05-27 17:56:17 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-05-27 17:56:17 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-05-27 17:56:12 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-05-27 17:55:54 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-27 17:55:53 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-05-27 17:55:43 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-05-27 17:55:33 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-05-27 17:55:30 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-05-27 17:55:30 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex
2010-05-27 17:55:29 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-05-27 17:55:15 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-27 17:55:11 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-05-27 17:55:10 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-05-27 17:55:09 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-05-27 17:53:56 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2010-05-27 17:52:58 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-05-27 17:51:47 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-27 17:50:59 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-05-27 17:49:56 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2010-05-27 17:48:59 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-05-27 17:48:38 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-05-27 17:48:31 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-05-27 17:48:27 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-05-27 17:48:23 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2010-05-27 17:48:16 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2010-05-27 17:48:13 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2010-05-27 17:48:08 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-05-27 17:48:04 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2010-05-27 17:48:00 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2010-05-27 17:46:56 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2010-05-27 17:45:58 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-05-27 17:44:57 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2010-05-27 17:43:58 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-27 17:42:59 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2010-05-27 17:41:58 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2010-05-27 17:40:58 110592 -c--a-w- c:\windows\system32\dllcache\dc260usd.dll
2010-05-27 17:39:54 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-05-27 17:38:59 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2010-05-27 17:37:31 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-05-27 17:36:59 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2010-05-27 17:35:59 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-05-27 17:35:59 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-05-27 17:35:58 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-05-27 17:35:58 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-05-27 17:35:57 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-05-27 17:35:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-05-27 17:34:48 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-27 17:08:59 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 17:08:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-27 09:33:10 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-21 12:45:47 0 d--h--w- c:\windows\PIF
2010-05-19 19:47:30 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-19 13:03:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-19 13:03:36 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-19 13:02:37 53693 ----a-w- c:\windows\UNDPX2A.sys
2010-05-19 13:02:37 15429 ----a-w- c:\windows\system32\drivers\Sacm2A.sys
2010-05-19 13:02:37 135168 ----a-w- c:\windows\UNDPX2A.exe
2010-05-19 07:00:25 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-18 07:48:00 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-18 03:37:51 0 d-----w- c:\documents and settings\bobby\Tracing
2010-05-18 03:33:31 0 d-----w- c:\program files\common files\Windows Live
2010-05-14 05:13:22 0 d-----w- c:\program files\Wondershare
2010-05-11 16:37:58 2820500 ----a-w- C:\18 Twisted Love.mp3
2010-05-11 16:34:56 0 d-----w- c:\program files\Free Audio Pack
2010-05-10 00:46:39 0 d-----w- c:\program files\Hero Editor
2010-05-09 23:29:28 0 d-----w- c:\program files\Trend Micro
2010-05-08 16:53:06 0 d-----w- c:\docume~1\bobby\applic~1\Thinstall
2010-05-07 15:23:08 0 d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-05-07 05:20:07 0 d-----w- c:\program files\Diablo II
2010-05-07 05:19:19 0 d-----w- c:\program files\Ventrilo
2010-05-07 05:19:05 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-05-07 05:18:46 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-07 02:43:43 0 d-----w- c:\docume~1\alluse~1\applic~1\WinMount
2010-05-05 00:18:04 0 d-----w- C:\downloads
2010-05-05 00:18:04 0 d-----w- c:\docume~1\bobby\applic~1\GrabPro
2010-05-04 01:52:11 0 d-----w- c:\program files\iPod
2010-05-04 01:45:31 0 d-----w- c:\program files\Bonjour
2010-04-29 16:41:17 0 d-----w- c:\docume~1\bobby\applic~1\TeamViewer
2010-04-29 16:41:11 0 d-----w- c:\documents and settings\bobby\temp
2010-04-28 22:02:08 0 d-----w- c:\program files\VideoLAN
2010-04-28 18:21:24 0 d-----w- c:\program files\Valve
2010-04-28 02:24:18 0 d-----w- c:\docume~1\bobby\applic~1\Vivox

==================== Find3M ====================

2010-05-10 00:44:16 249856 ------w- c:\windows\Setup1.exe
2010-05-10 00:44:13 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-08 16:55:47 41084 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 19:35:08 37376 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 19:25:38 7351 ----a-w- c:\windows\SCXEunin.dat
2010-04-04 19:25:22 72704 ----a-w- c:\windows\SCXEUnin.exe
2010-04-04 19:25:22 41268 ----a-w- c:\windows\fonts\Starcraft.ttf
2010-03-31 15:35:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-23 05:08:10 6993920 ----a-w- c:\windows\system32\logonuiX.exe
2010-03-23 04:25:40 45056 ----a-w- c:\windows\system32\sstunst3.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 21:16:28 87608 ----a-w- c:\docume~1\bobby\applic~1\inst.exe
2010-03-09 21:16:28 47360 ----a-w- c:\docume~1\bobby\applic~1\pcouffin.sys
2010-03-05 14:13:40 947472 ----a-w- c:\windows\system32\msjava.dll
2010-02-08 21:04:41 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 15:10:32.85 ===============

3: GMER logfile

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 21:25:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.E58\LOCALS~1\Temp\pgpcykod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF77DB814]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007D000C
.text C:\WINDOWS\system32\svchost.exe[556] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[884] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C7000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A50BD01

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0x40 0x54 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x07 0x87 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x48 0xE3 0x2C 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0x40 0x54 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x07 0x87 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x48 0xE3 0x2C 0x7A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6302e47b-b5a2-43b0-a6f3-05c83c6dcb05}@Model 146
Reg HKLM\SOFTWARE\Classes\CLSID\{6302e47b-b5a2-43b0-a6f3-05c83c6dcb05}@Therad 21
Reg HKLM\SOFTWARE\Classes\CLSID\{6302e47b-b5a2-43b0-a6f3-05c83c6dcb05}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xE6 0x31 0x2F 0x75 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

4: Malware Bytes logfile

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4148

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/27/2010 2:55:51 PM
mbam-log-2010-05-27 (14-55-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 264724
Time elapsed: 1 hour(s), 33 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bobby\Desktop\malwarebytes\Malwarebytes Anti-Malware v1.46\patrick.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby\Desktop\Cerberus\DirectX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby\Local Settings\Temp\144F.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby\Local Settings\Temp\UjlE.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Dreamweaver CS5\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034599.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034607.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034610.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034612.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034619.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034604.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034623.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034630.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034641.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3FB54717-8ED4-4CF6-8316-1C34E468C3C0}\RP138\A0034642.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1451.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

5: RSIT Logfile

Logfile of random's system information tool 1.07 (written by random/random)
Run by Bobby at 2010-05-28 01:32:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (58%) free of 147 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:32:46 AM, on 5/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bobby\Desktop\RSIT.exe
C:\Program Files\trend micro\Bobby.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Digsby.lnk = C:\Documents and Settings\Bobby\Local Settings\Application Data\Digsby\App\digsby.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bobby\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...el_4.1.66.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D542AEF8-992B-4FBA-A21A-00C46D344652}: NameServer = 68.87.74.166,68.87.68.166
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11088 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-E58AEB3F9A6342E-Bobby.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FEE18DAC-672E-45DB-8D44-99D399927BC8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-01-20 181680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-02-26 1657344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2004-11-15 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2004-11-15 720896]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-02-26 1657344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-21 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-21 2744832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-10-13 57344]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-10 344064]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"BootSkin Startup Jobs"=C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-02-08 160592]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2010-03-08 3179952]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 140288]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VzFw"=2
"VzCdbSvc"=2
"Vcsw"=3
"VAIOMediaPlatform-VideoServer-UPnP"=3
"VAIOMediaPlatform-VideoServer-AppServer"=3
"VAIOMediaPlatform-Mobile-Gateway"=3
"VAIOMediaPlatform-IntegratedServer-UPnP"=3
"VAIOMediaPlatform-IntegratedServer-HTTP"=3
"VAIOMediaPlatform-IntegratedServer-AppServer"=3
"VAIO Entertainment TV Device Arbitration Service"=3
"VAIO Entertainment Task Scheduler"=3
"VAIO Entertainment Aggregation and Control Service"=3

C:\Documents and Settings\Bobby\Start Menu\Programs\Startup
Digsby.lnk - C:\Documents and Settings\Bobby\Local Settings\Application Data\Digsby\App\digsby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2006-03-25 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=8

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Bobby\Local Settings\Temp\7zS36.tmp\SymNRT.exe"="C:\Documents and Settings\Bobby\Local Settings\Temp\7zS36.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Novalogic\MIG-29 Fulcrum\M29.exe"="C:\Program Files\Novalogic\MIG-29 Fulcrum\M29.exe:*:Disabled:MiG29"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52c0c0cc-1677-11df-a0f5-001111dfcd8b}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77490f51-26f0-11df-a0fe-001111dfcd8b}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ce554a-14db-11df-a0e7-001111dfcd8b}]
shell\AutoRun\command - setup.exe


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2010-05-28 01:32:31 ----D---- C:\rsit
2010-05-27 15:26:16 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-27 13:08:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-27 13:08:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 05:09:06 ----D---- C:\Documents and Settings\Bobby\Application Data\Google
2010-05-21 08:45:47 ----HD---- C:\WINDOWS\PIF
2010-05-19 15:47:30 ----D---- C:\Program Files\SystemRequirementsLab
2010-05-19 09:03:36 ----A---- C:\WINDOWS\system32\muweb.dll
2010-05-19 09:03:36 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-05-19 09:02:37 ----A---- C:\WINDOWS\UNDPX2A.exe
2010-05-19 08:49:34 ----D---- C:\Documents and Settings\Bobby\Application Data\InterVideo
2010-05-19 08:48:10 ----D---- C:\Config.Msi
2010-05-19 03:01:44 ----DC---- C:\WINDOWS\$NtUninstallKB961503$
2010-05-19 03:00:25 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-05-18 03:48:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-05-17 23:36:22 ----D---- C:\Program Files\Windows Live
2010-05-17 23:33:31 ----D---- C:\Program Files\Common Files\Windows Live
2010-05-16 20:58:37 ----A---- C:\SendRequestLog.txt
2010-05-16 20:58:37 ----A---- C:\SendLog.txt
2010-05-16 20:58:37 ----A---- C:\RecvRequestLog.txt
2010-05-16 20:58:37 ----A---- C:\RecvLog.txt
2010-05-16 20:58:37 ----A---- C:\PersonalRequestLog.txt
2010-05-14 01:13:22 ----D---- C:\Program Files\Wondershare
2010-05-13 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-11 12:34:56 ----D---- C:\Program Files\Free Audio Pack
2010-05-09 20:46:39 ----D---- C:\Program Files\Hero Editor
2010-05-09 19:29:28 ----D---- C:\Program Files\Trend Micro
2010-05-08 13:24:35 ----D---- C:\Program Files\Common Files\Adobe
2010-05-08 12:53:06 ----D---- C:\Documents and Settings\Bobby\Application Data\Thinstall
2010-05-07 11:23:08 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-07 11:20:27 ----D---- C:\Program Files\Adobe Media Player
2010-05-07 11:19:41 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-07 01:24:42 ----D---- C:\Documents and Settings\Bobby\Application Data\Ventrilo
2010-05-07 01:20:07 ----D---- C:\Program Files\Diablo II
2010-05-07 01:19:19 ----D---- C:\Program Files\Ventrilo
2010-05-07 01:19:05 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-05-07 01:18:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-06 22:43:43 ----D---- C:\Documents and Settings\All Users\Application Data\WinMount
2010-05-06 21:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-05-04 20:18:04 ----D---- C:\downloads
2010-05-04 20:18:04 ----D---- C:\Documents and Settings\Bobby\Application Data\GrabPro
2010-05-04 20:18:00 ----D---- C:\Documents and Settings\Bobby\Application Data\Orbit
2010-05-03 21:52:11 ----D---- C:\Program Files\iPod
2010-05-03 21:45:31 ----D---- C:\Program Files\Bonjour
2010-05-03 15:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-04-29 12:41:17 ----D---- C:\Documents and Settings\Bobby\Application Data\TeamViewer

======List of files/folders modified in the last 1 months======

2010-05-28 01:32:14 ----D---- C:\WINDOWS\Temp
2010-05-28 00:14:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-27 21:35:01 ----D---- C:\WINDOWS\network diagnostic
2010-05-27 21:29:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-27 21:29:40 ----D---- C:\Documents and Settings\Bobby\Application Data\DMCache
2010-05-27 21:29:40 ----A---- C:\WINDOWS\LogonStudio.ini
2010-05-27 15:26:58 ----D---- C:\Documents and Settings
2010-05-27 15:26:16 ----D---- C:\WINDOWS
2010-05-27 15:20:04 ----D---- C:\WINDOWS\Prefetch
2010-05-27 14:58:39 ----DC---- C:\WINDOWS\system32\dllcache
2010-05-27 14:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2010-05-27 14:58:03 ----D---- C:\WINDOWS\system32\drivers
2010-05-27 14:11:54 ----SHD---- C:\WINDOWS\Installer
2010-05-27 13:11:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-27 13:08:59 ----RD---- C:\Program Files
2010-05-27 05:34:15 ----D---- C:\Program Files\uTorrent
2010-05-27 05:33:30 ----D---- C:\WINDOWS\system32\config
2010-05-27 05:33:10 ----D---- C:\WINDOWS\system32\wbem
2010-05-27 05:33:10 ----D---- C:\WINDOWS\Registration
2010-05-27 05:32:45 ----D---- C:\Documents and Settings\Bobby\Application Data\uTorrent
2010-05-27 05:09:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-05-27 05:08:58 ----SD---- C:\WINDOWS\Tasks
2010-05-27 05:08:54 ----D---- C:\Program Files\Google
2010-05-26 15:13:26 ----D---- C:\Documents and Settings\Bobby\Application Data\U3
2010-05-24 14:30:36 ----D---- C:\WINDOWS\Debug
2010-05-22 14:31:28 ----D---- C:\WINDOWS\system32
2010-05-19 19:17:29 ----D---- C:\Documents and Settings\Bobby\Application Data\Vso
2010-05-19 15:47:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-19 15:44:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-19 15:43:34 ----HD---- C:\WINDOWS\inf
2010-05-19 15:43:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-19 08:52:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-19 08:49:11 ----D---- C:\Program Files\Outlook Express
2010-05-18 03:51:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-17 23:37:48 ----SD---- C:\Documents and Settings\Bobby\Application Data\Microsoft
2010-05-17 23:36:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-05-17 23:36:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-17 23:33:31 ----D---- C:\Program Files\Common Files
2010-05-09 23:50:37 ----D---- C:\Program Files\StarCraft
2010-05-09 20:44:16 ----N---- C:\WINDOWS\Setup1.exe
2010-05-09 20:44:13 ----A---- C:\WINDOWS\ST6UNST.EXE
2010-05-07 23:33:09 ----D---- C:\WINDOWS\WinSxS
2010-05-07 23:32:06 ----D---- C:\Documents and Settings\Bobby\Application Data\Adobe
2010-05-07 23:31:53 ----D---- C:\Program Files\Adobe
2010-05-07 23:04:07 ----D---- C:\Program Files\JDownloader
2010-05-07 22:59:26 ----RSD---- C:\WINDOWS\Fonts
2010-05-07 01:23:59 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-05-07 00:08:15 ----D---- C:\Program Files\StarCraft II Beta
2010-05-07 00:03:52 ----D---- C:\Program Files\iTunes
2010-05-06 23:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-05-03 21:52:08 ----D---- C:\Program Files\Common Files\Apple
2010-05-03 15:35:59 ----D---- C:\Documents and Settings\Bobby\Application Data\AdobeUM
2010-04-30 14:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 WMDrive;WMDrive; \??\C:\WINDOWS\system32\drivers\WMDrive.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-27 2297984]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-09 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 adnmph30;adnmph30; C:\WINDOWS\system32\drivers\adnmph30.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-31 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 NoIPDUCService;NoIPDUCService; C:\Program Files\No-IP\DUC20.exe [2010-03-30 1172992]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2010-02-25 856064]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S4 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S4 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-02 339968]
S4 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-10-25 73728]
S4 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-11-02 1826816]
S4 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S4 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S4 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S4 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [2003-10-30 1286144]
S4 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S4 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-10-25 278528]
S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-10-25 131072]
S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-10-25 118784]

-----------------EOF-----------------

Thanks! =]

#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 29 May 2010 - 03:13 PM

Hello, Da64u.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in Notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
(The info.txt will not appear for you. Please find it at C:\rsit)
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:06 PM

Posted 29 May 2010 - 10:32 PM

QUOTE(aommaster @ May 29 2010, 04:13 PM)

Thanks very much for picking up my topic. There is NO reason to apologize, take your time =]

2/3 of the logs were included in the first post, and I will now paste the third log info.txt. I have made an index up top to help you find the correct logfile =]


Thanks again!

info.txt logfile of random's system information tool 1.06 2010-05-28 01:32:49

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32BC2460-6246-11D3-88BC-0000B43BC585}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Premiere Standard-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Agere Systems PCI Soft Modem-->agrsmdel
AIM 7-->C:\Program Files\AIM\uninst.exe
AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\UNWISE.EXE C:\PROGRA~1\ALIENG~1\INSTALL.LOG
Any Video Converter 3.0.3-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avi2Dvd 0.5-->C:\Program Files\Avi2Dvd\uninst.exe
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
BootSkin-->C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Click to DVD 2.0.02 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.2.10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
ConvertXtoDVD 4.0.9.322-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"
CursorXP-->C:\Program Files\CursorXP\CurXPUtil.exe -u
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
Digsby-->C:\Documents and Settings\Bobby\Local Settings\Application Data\Digsby\App\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
ffdshow [rev 2844] [2009-03-30]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Half-Life Dedicated Server Update Tool-->C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
Hero Editor V0.95-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
IconPackager-->C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
K-Lite Codec Pack 5.7.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MIG-29 Fulcrum-->C:\PROGRA~1\NOVALO~1\MIG-29~1\UNWISE.EXE C:\PROGRA~1\NOVALO~1\MIG-29~1\INSTALL.LOG
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
OpenMG Limited Patch 4.0-04-08-02-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
ResumeMaker Ultimate-->MsiExec.exe /I{BF901F72-A7E8-4F3C-9E70-5E1B8FD05CEB}
Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 2.1.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\Setup.exe" -l0x9 UNINSTALL
SonicStage Mastering Studio 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\Setup.exe" -l0x9
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\Setup.exe" -l0x9
SonicStage MP3 Add-on program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}\Setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarCraft II Beta-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft II Beta\Uninstall.exe
StarCraft-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
StarForge-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\StarForge\ST6UNST.LOG"
StealthBot 2.7-->MsiExec.exe /I{C05DEB30-501D-4106-958D-C5E147D2BF7E}
Steam™-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab for Intel-->MsiExec.exe /I{F7FC9307-374E-4017-8E9D-DE1154780480}
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TreeSize Free V2.4-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TVersity Media Server 1.8 Beta-->C:\Program Files\TVersity\Media Server\uninst.exe
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}\setup.exe" -l0x9
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AE599F-7B72-4135-8C56-9191F4ACBA88}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Media 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Scene HD Normal Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Structure Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9
VAIO Update 4-->"C:\Program Files\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Zone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\embda.inf
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_754491038463AF55DC013DBF40581C2B1BFEE429\emaudio.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMount V3.2.0423-->"C:\Program Files\WinMount3\unins000.exe"
WinPcap 4.1.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: E58AEB3F9A6342E
Event Code: 240
Message: A request to suspend power was denied by BitLord.exe.

Record Number: 5204
Source Name: Win32k
Time Written: 20100226221012.000000-300
Event Type: warning
User:

Computer Name: E58AEB3F9A6342E
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5195
Source Name: Tcpip
Time Written: 20100226142102.000000-300
Event Type: warning
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001111DFCD8B. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 5104
Source Name: Dhcp
Time Written: 20100225151101.000000-300
Event Type: warning
User:

Computer Name: E58AEB3F9A6342E
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5103
Source Name: Tcpip
Time Written: 20100224230541.000000-300
Event Type: warning
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1073
Message: The attempt to reboot E58AEB3F9A6342E failed

Record Number: 5083
Source Name: USER32
Time Written: 20100224225706.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: E58AEB3F9A6342E
Event Code: 1000
Message: Faulting application starcraft.exe, version 1.16.1.1, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 535
Source Name: Application Error
Time Written: 20100325140646.000000-240
Event Type: error
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1000
Message: Faulting application starcraft.exe, version 1.16.1.1, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 534
Source Name: Application Error
Time Written: 20100325140456.000000-240
Event Type: error
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1000
Message: Faulting application starcraft.exe, version 1.16.1.1, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 532
Source Name: Application Error
Time Written: 20100325140357.000000-240
Event Type: error
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1000
Message: Faulting application starcraft.exe, version 1.16.1.1, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 530
Source Name: Application Error
Time Written: 20100325140324.000000-240
Event Type: error
User:

Computer Name: E58AEB3F9A6342E
Event Code: 1000
Message: Faulting application ah.scr, version 4.0.0.206, faulting module ah.scr, version 4.0.0.206, fault address 0x00014314.

Record Number: 506
Source Name: Application Error
Time Written: 20100323002600.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


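The event-log dump above is in RSIT's block format: each record runs from a "Computer Name:" line to a "User:" line, the message may span several lines, and "Time Written" is a WMI-style stamp whose trailing number is the UTC offset in minutes. The parser below is an added example (not RSIT's code and not part of the original post): it turns each block into a record, converts the stamp into a timezone-aware datetime, orders the records into a timeline, and pulls the faulting application out of Application Error 1000 entries, which is the first triage a helper does on a log like this. The sample text is constructed to mirror the format shown above with the host name replaced; the function names are mine.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in RSIT's event-log layout (modelled on the post above,
# host name replaced); not a capture from the original machine.
SAMPLE_LOG = """\
======System event log======

Computer Name: HOSTNAME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5195
Source Name: Tcpip
Time Written: 20100226142102.000000-300
Event Type: warning
User:

Computer Name: HOSTNAME
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001111DFCD8B. The following
error occurred:
The operation was canceled by the user.
.

Record Number: 5104
Source Name: Dhcp
Time Written: 20100225151101.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: HOSTNAME
Event Code: 1000
Message: Faulting application starcraft.exe, version 1.16.1.1, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 535
Source Name: Application Error
Time Written: 20100325140646.000000-240
Event Type: error
User:
"""

SECTION_RE = re.compile(r"^=+(System|Application|Security) event log=+\s*$")
# yyyymmddHHMMSS.microseconds followed by the UTC offset in minutes (-300 == UTC-5)
TIME_RE = re.compile(r"^(\d{14})\.\d+([+-])(\d{1,4})$")
FAULT_RE = re.compile(
    r"Faulting application (\S+), version ([\d.]+), faulting module (\S*), version"
)


def parse_time(raw):
    """Convert a WMI-style 'Time Written' value into an aware datetime."""
    m = TIME_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {raw!r}")
    stamp, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes)) * (1 if sign == "+" else -1)
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone(offset))


def parse_rsit_events(text):
    """Parse 'Computer Name: ... User:' blocks into dicts, keeping the log section."""
    records, section, rec, in_msg = [], None, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if line.startswith("Computer Name:"):
            rec = {"section": section, "computer": line.split(":", 1)[1].strip(), "message": ""}
            continue
        if rec is None:
            continue
        if line.startswith("Message:"):
            rec["message"] = line.split(":", 1)[1].strip()
            in_msg = True
            continue
        if in_msg:
            if line.strip() == "":
                in_msg = False            # a blank line ends a multi-line message
            elif line.strip() != ".":     # RSIT prints a lone '.' after some messages
                rec["message"] += " " + line.strip()
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Event Code":
            rec["event_code"] = int(value)
        elif key == "Record Number":
            rec["record"] = int(value)
        elif key == "Source Name":
            rec["source"] = value
        elif key == "Time Written":
            rec["time"] = parse_time(value)
        elif key == "Event Type":
            rec["type"] = value
        elif key == "User":
            rec["user"] = value or None
            records.append(rec)           # "User:" is the last field of every block
            rec = None
    return records


def timeline(records):
    """Records in chronological order; aware datetimes compare across offsets."""
    return sorted(records, key=lambda r: r["time"])


def count_by_source(records):
    """How often each (section, source, event code) shows up."""
    return Counter((r["section"], r["source"], r["event_code"]) for r in records)


def faulting_apps(records):
    """(application, version, module-or-None) for every Application Error 1000."""
    out = []
    for r in records:
        if r["source"] == "Application Error" and r["event_code"] == 1000:
            m = FAULT_RE.search(r["message"])
            if m:
                out.append((m.group(1), m.group(2), m.group(3) or None))
    return out


if __name__ == "__main__":
    recs = parse_rsit_events(SAMPLE_LOG)
    for r in timeline(recs):
        print(r["time"].isoformat(), r["section"], r["source"], r["event_code"], r["message"][:60])
    print(count_by_source(recs))
    print(faulting_apps(recs))
```

The offset is carried per record rather than normalised to one zone because these dumps span daylight-saving changes (the February entries above are -300, the March ones -240); comparing aware datetimes keeps the ordering right without guessing the machine's zone.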
#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 29 May 2010 - 10:56 PM

Hello, Da64u.
You're more than welcome. The reason I asked for the logs again is that they change often, so it's always better to have a fresh log. But it's fine, since I'll ask for one later on.

Also, no need to use the quote button, you can use the "Add Reply" button at the bottom of the page to add your reply. It'll make your posts shorter as well as enable you to copy and paste longer logs in.

Let's begin.
P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click Mode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


NEXT:

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 30 May 2010 - 08:36 PM

I attempted to run ComboFix, but unfortunately I wasn't able to connect to the internet to download the Recovery Console. I'm using a USB connection with my modem and I'm guessing ComboFix disables most drivers to prevent interfering. Do you have a link to the Recovery Console download? I'm not able to use an ethernet connection. Thanks!

#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 30 May 2010 - 09:03 PM

Hi!

Yes, you can have combofix manually install the recovery console. To do this:
  1. Go to Microsoft's website
  2. Select the download that's appropriate for your Operating System
    Note: If you are using Windows XP SP3, download the SP2 package
  3. Download the file & save it as it's originally named
  4. Drag the setup package onto ComboFix.exe and drop it.
  5. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  6. At the next prompt, click Yes to run the full ComboFix scan

Edited by aommaster, 30 May 2010 - 09:03 PM.



#7 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:06 PM

Posted 30 May 2010 - 10:36 PM

Okay, I did it; the redirects DID go away =] I'm really wondering what it was, though. Any guesses? I didn't see any files running that looked bad...

Thanks for your help.

ComboFix 10-05-30.04 - Bobby 05/30/2010 22:54:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1429 [GMT -4:00]
Running from: c:\documents and settings\Bobby\Desktop\CombFix.exe
Command switches used :: c:\documents and settings\Bobby\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bobby\Application Data\inst.exe
c:\documents and settings\Bobby\Local Settings\Application Data\{703C8175-50C4-4CF2-A168-4D9D3B1EDC62}
c:\documents and settings\Bobby\Local Settings\Application Data\{703C8175-50C4-4CF2-A168-4D9D3B1EDC62}\chrome\content\_cfg.js
c:\documents and settings\Bobby\Local Settings\Application Data\{703C8175-50C4-4CF2-A168-4D9D3B1EDC62}\chrome\content\overlay.xul
c:\documents and settings\Bobby\Local Settings\Application Data\{703C8175-50C4-4CF2-A168-4D9D3B1EDC62}\install.rdf
c:\windows\setup.exe
H:\autorun.inf

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-29 13:29 . 2010-05-29 13:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-05-28 18:31 . 2010-05-28 18:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-28 16:56 . 2010-05-28 16:56 3205464 ----a-w- c:\documents and settings\Bobby\Application Data\IDM\idmupdt.exe
2010-05-28 05:32 . 2010-05-28 05:32 -------- d-----w- C:\rsit
2010-05-27 19:26 . 2010-05-27 19:27 -------- d-----w- c:\documents and settings\Administrator.E58AEB3F9A6342E
2010-05-27 18:19 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-27 18:19 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-27 18:19 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-27 18:19 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-27 18:19 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-27 18:18 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-27 18:18 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-27 18:18 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-05-27 18:18 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-27 18:18 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-05-27 18:18 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-05-27 18:18 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-05-27 18:18 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-05-27 18:17 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-05-27 18:17 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-05-27 18:17 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-05-27 18:17 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-05-27 18:17 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-27 18:17 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-27 18:17 . 2001-08-17 17:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-05-27 18:17 . 2004-08-04 02:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-05-27 18:17 . 2008-04-13 17:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-05-27 18:17 . 2001-08-17 16:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-05-27 18:17 . 2004-08-04 02:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-05-27 18:15 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-27 18:15 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-05-27 18:15 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-05-27 18:15 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-05-27 18:15 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-05-27 18:15 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-05-27 18:15 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-27 18:15 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2010-05-27 18:15 . 2001-08-17 17:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-05-27 18:15 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-05-27 18:15 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-27 18:15 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-27 18:15 . 2008-04-13 17:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-27 18:14 . 2004-08-04 02:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2010-05-27 18:14 . 2001-08-18 02:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-05-27 18:14 . 2001-08-18 02:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-05-27 18:14 . 2001-08-18 02:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-05-27 18:14 . 2001-08-18 02:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-05-27 18:14 . 2001-08-18 02:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-05-27 18:14 . 2001-08-17 17:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-05-27 18:14 . 2001-08-18 02:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-05-27 18:14 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-05-27 18:14 . 2001-08-18 02:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-05-27 18:14 . 2001-08-18 02:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-05-27 18:13 . 2001-08-17 17:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-05-27 18:13 . 2001-08-17 17:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-05-27 18:13 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-05-27 18:13 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-27 18:13 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2010-05-27 18:13 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-05-27 18:13 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2010-05-27 18:13 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-05-27 18:13 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-05-27 18:13 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2010-05-27 18:11 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-27 18:11 . 2004-08-04 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-05-27 18:11 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-05-27 18:11 . 2004-08-04 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2010-05-27 18:11 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-05-27 18:11 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-05-27 18:11 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-05-27 18:11 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-05-27 18:11 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-05-27 18:11 . 2001-08-17 18:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-05-27 18:11 . 2001-08-17 18:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-05-27 18:11 . 2001-08-17 18:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-05-27 18:10 . 2001-08-18 02:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2010-05-27 18:10 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-05-27 18:10 . 2001-08-17 18:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-05-27 18:10 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-05-27 18:10 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-05-27 18:10 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-05-27 18:10 . 2001-08-18 02:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-05-27 18:10 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-27 18:10 . 2001-08-18 02:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-27 18:10 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-05-27 18:10 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2010-05-27 18:10 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-05-27 18:09 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-05-27 18:09 . 2004-08-04 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-05-27 18:09 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-05-27 18:09 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-05-27 18:09 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-05-27 18:09 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-05-27 18:09 . 2001-08-17 18:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-05-27 18:09 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-05-27 18:09 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-05-27 18:09 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-05-27 18:09 . 2001-08-17 16:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-05-27 18:07 . 2001-08-18 02:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-05-27 18:06 . 2001-08-17 16:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-05-27 18:06 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-05-27 18:06 . 2004-08-04 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-05-27 18:06 . 2001-08-17 16:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-05-27 18:06 . 2001-07-21 18:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-05-27 18:06 . 2001-07-21 18:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-05-27 18:06 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-05-27 18:06 . 2001-08-18 02:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-05-27 18:06 . 2001-08-17 16:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-05-27 18:06 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-05-27 18:04 . 2001-08-17 16:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-05-27 18:03 . 2004-08-04 02:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-05-27 18:03 . 2001-08-17 16:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-05-27 18:03 . 2001-08-17 16:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-05-27 18:03 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-27 18:03 . 2001-08-17 16:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-05-27 18:03 . 2008-04-13 17:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2010-05-27 18:03 . 2001-08-17 16:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-05-27 18:03 . 2001-08-18 02:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-05-27 18:03 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2010-05-27 18:03 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-05-27 18:03 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-05-27 18:01 . 2001-08-17 17:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-05-27 18:00 . 2001-08-17 18:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2010-05-27 17:59 . 2001-08-17 16:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2010-05-27 17:58 . 2001-08-17 18:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 16:57 . 2010-03-08 18:52 218544 ----a-w- c:\documents and settings\Bobby\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-28 16:57 . 2010-03-08 18:52 -------- d-----w- c:\documents and settings\Bobby\Application Data\DMCache
2010-05-28 16:56 . 2010-03-08 18:52 -------- d-----w- c:\documents and settings\Bobby\Application Data\IDM
2010-05-27 17:11 . 2010-02-25 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 09:34 . 2010-04-22 02:32 -------- d-----w- c:\program files\uTorrent
2010-05-27 09:32 . 2010-04-22 02:32 -------- d-----w- c:\documents and settings\Bobby\Application Data\uTorrent
2010-05-27 09:08 . 2004-11-15 23:42 -------- d-----w- c:\program files\Google
2010-05-26 19:13 . 2010-02-10 19:15 -------- d-----w- c:\documents and settings\Bobby\Application Data\U3
2010-05-19 23:17 . 2010-03-09 21:16 -------- d-----w- c:\documents and settings\Bobby\Application Data\Vso
2010-05-19 12:48 . 2010-05-18 03:36 -------- d-----w- c:\program files\Windows Live
2010-05-19 12:48 . 2010-05-19 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-18 03:33 . 2010-05-18 03:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-10 03:50 . 2010-03-22 22:40 -------- d-----w- c:\program files\StarCraft
2010-05-10 00:44 . 2010-04-04 19:42 249856 ------w- c:\windows\Setup1.exe
2010-05-10 00:44 . 2010-04-04 19:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-08 16:55 . 2010-04-11 06:10 41084 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-08 03:04 . 2010-04-19 15:28 -------- d-----w- c:\program files\JDownloader
2010-05-07 15:50 . 2010-02-08 18:52 44416 ----a-w- c:\documents and settings\Bobby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 15:19 . 2010-05-27 19:27 38784 ----a-w- c:\documents and settings\Administrator.E58AEB3F9A6342E\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 05:23 . 2010-03-22 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-07 04:08 . 2010-04-14 14:17 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-07 04:03 . 2010-04-03 15:51 -------- d-----w- c:\program files\iTunes
2010-05-04 01:52 . 2010-03-03 23:48 -------- d-----w- c:\program files\Common Files\Apple
2010-05-03 19:35 . 2010-02-10 21:34 -------- d-----w- c:\documents and settings\Bobby\Application Data\AdobeUM
2010-04-29 19:39 . 2010-02-25 03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-02-25 03:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 16:41 . 2010-04-29 16:41 -------- d-----w- c:\documents and settings\Bobby\Application Data\TeamViewer
2010-04-29 01:56 . 2010-04-28 22:26 -------- d-----w- c:\documents and settings\Bobby\Application Data\vlc
2010-04-28 22:02 . 2010-04-28 22:02 -------- d-----w- c:\program files\VideoLAN
2010-04-28 20:24 . 2010-04-28 18:21 -------- d-----w- c:\program files\Valve
2010-04-28 18:21 . 2010-04-28 18:21 15872 ----a-r- c:\documents and settings\Bobby\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2010-04-28 02:24 . 2010-04-28 02:24 -------- d-----w- c:\documents and settings\Bobby\Application Data\Vivox
2010-04-22 20:07 . 2010-04-22 20:07 -------- d-----w- c:\documents and settings\Bobby\Application Data\JAM Software
2010-04-22 20:07 . 2010-04-22 20:07 -------- d-----w- c:\program files\JAM Software
2010-04-22 20:00 . 2010-04-22 20:00 -------- d-----w- c:\program files\MagicISO
2010-04-21 20:08 . 2010-04-21 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2010-04-21 19:54 . 2010-04-21 19:54 -------- d-----w- c:\documents and settings\Bobby\Application Data\Cakewalk
2010-04-21 19:51 . 2010-04-21 19:51 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-04-21 19:51 . 2010-04-21 19:51 -------- d-----w- c:\program files\Common Files\Digidesign
2010-04-21 19:51 . 2010-04-19 21:53 -------- d-----w- c:\program files\VstPlugins
2010-04-21 19:51 . 2010-04-21 19:51 -------- d-----w- c:\program files\Native Instruments
2010-04-21 19:36 . 2010-04-21 19:35 -------- d-----w- c:\program files\WinMount3
2010-04-21 19:35 . 2010-04-21 19:35 -------- d-----w- c:\documents and settings\Bobby\Application Data\Local Settings
2010-04-21 19:35 . 2010-04-21 19:35 37376 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-04-19 22:42 . 2010-04-19 22:19 -------- d-----w- c:\documents and settings\Bobby\Application Data\Juce VST Host
2010-04-19 22:19 . 2010-04-19 22:19 -------- d-----w- c:\documents and settings\Bobby\Application Data\Hardcore
2010-04-19 21:54 . 2010-04-19 21:54 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-19 21:53 . 2010-04-19 21:50 -------- d-----w- c:\program files\Image-Line
2010-04-19 21:53 . 2010-04-19 21:53 -------- d-----w- c:\program files\Outsim
2010-04-15 01:26 . 2010-04-15 01:26 -------- d-----w- c:\program files\MSECache
2010-04-14 14:23 . 2010-04-14 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-14 14:16 . 2010-04-14 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-04-14 14:16 . 2010-04-14 13:31 -------- d-----w- c:\program files\StarCraft II Beta enUS 13891 Installer
2010-04-14 14:13 . 2010-04-14 03:46 -------- d-----w- c:\documents and settings\Bobby\Application Data\Skype
2010-04-14 12:09 . 2010-04-14 03:47 -------- d-----w- c:\documents and settings\Bobby\Application Data\skypePM
2010-04-14 07:17 . 2010-04-14 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-14 03:47 . 2010-04-14 03:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-14 03:46 . 2010-04-14 03:46 -------- d-----r- c:\program files\Skype
2010-04-14 03:46 . 2010-04-14 03:46 -------- d-----w- c:\program files\Common Files\Skype
2010-04-14 03:46 . 2010-04-14 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-14 00:50 . 2010-04-14 00:50 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-13 14:56 . 2010-04-13 14:56 0 ----a-w- c:\windows\nsreg.dat
2010-04-11 23:14 . 2010-04-10 17:48 -------- d-----w- c:\documents and settings\Bobby\Application Data\Digsby
2010-04-11 23:14 . 2010-04-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 18:21 . 2010-03-03 23:50 -------- d-----w- c:\documents and settings\Bobby\Application Data\Apple Computer
2010-04-04 19:43 . 2010-04-04 19:42 -------- d-----w- c:\program files\StarForge
2010-04-04 19:25 . 2010-04-04 19:25 7351 ----a-w- c:\windows\SCXEunin.dat
2010-04-04 19:25 . 2010-04-04 19:25 967 ----a-w- c:\windows\SCXEUnin.pif
2010-04-04 19:25 . 2010-04-04 19:25 72704 ----a-w- c:\windows\SCXEUnin.exe
2010-04-03 15:52 . 2010-04-03 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 15:47 . 2010-04-03 15:47 -------- d-----w- c:\program files\QuickTime
2010-03-31 15:35 . 2010-03-29 16:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 16:46 . 2010-03-29 16:46 503808 ----a-w- c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-676f941c-n\msvcp71.dll
2010-03-29 16:46 . 2010-03-29 16:46 499712 ----a-w- c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-676f941c-n\jmc.dll
2010-03-29 16:46 . 2010-03-29 16:46 348160 ----a-w- c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-676f941c-n\msvcr71.dll
2010-03-29 16:46 . 2010-03-29 16:46 61440 ----a-w- c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e0dee6e-n\decora-sse.dll
2010-03-29 16:46 . 2010-03-29 16:46 12800 ----a-w- c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e0dee6e-n\decora-d3d.dll
2010-03-23 20:01 . 2010-03-23 20:01 7358 ----a-r- c:\documents and settings\Bobby\Application Data\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_7a653c12.exe
2010-03-23 20:01 . 2010-03-23 20:01 7358 ----a-r- c:\documents and settings\Bobby\Application Data\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_3c6a7f4.exe
2010-03-23 05:08 . 2004-11-15 20:29 6993920 ----a-w- c:\windows\system32\logonuiX.exe
2010-03-23 04:32 . 2010-03-23 04:31 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2010-03-23 04:25 . 2010-03-23 04:25 45056 ----a-w- c:\windows\system32\sstunst3.exe
2010-03-10 06:15 . 2004-11-15 20:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 21:16 . 2010-03-09 21:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-09 21:16 . 2010-03-09 21:16 47360 ----a-w- c:\documents and settings\Bobby\Application Data\pcouffin.sys
2010-03-09 21:16 . 2010-03-09 21:16 47360 ----a-w- c:\documents and settings\Bobby\Application Data\pcouffin.sys
2010-03-05 14:13 . 2007-02-13 20:22 947472 ----a-w- c:\windows\system32\msjava.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-02-08 160592]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-28 3220912]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 140288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Bobby\Start Menu\Programs\Startup\
Digsby.lnk - c:\documents and settings\Bobby\Local Settings\Application Data\Digsby\App\digsby.exe [2010-3-3 141488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2006-03-25 15:54 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VzFw"=2 (0x2)
"VzCdbSvc"=2 (0x2)
"Vcsw"=3 (0x3)
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment Task Scheduler"=3 (0x3)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Novalogic\\MIG-29 Fulcrum\\M29.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:star
"6112:UDP"= 6112:UDP:star1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/24/2010 11:33 PM 304464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [4/21/2010 3:35 PM 37376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/24/2010 11:33 PM 20952]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/8/2010 11:05 PM 691696]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-31 c:\windows\Tasks\User_Feed_Synchronization-{FEE18DAC-672E-45DB-8D44-99D399927BC8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bobby\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {D542AEF8-992B-4FBA-A21A-00C46D344652} = 68.87.74.166,68.87.68.166
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\az47jzth.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - component: c:\documents and settings\Bobby\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe_435a6af7459cb02a9c1138113a26e93 - c:\program files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
AddRemove-{C79312BD-3E76-4474-A10C-1435D1856A4B} - c:\program files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1258296462-675890375-2005029889-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6302e47b-b5a2-43b0-a6f3-05c83c6dcb05}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e6,31,2f,75,93,9f,0a,d0,3c,00,39,0a,e4,10,26,ec,9e,0e,5c,c1,d7,
95,2d,a5,e3,16,71,18,eb,b8,a6,c5,58,d9,3a,29,92,1c,79,0d,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2010-05-30 23:09:40
ComboFix-quarantined-files.txt 2010-05-31 03:09

Pre-Run: 92,265,082,880 bytes free
Post-Run: 92,399,575,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 813E0958C4F1B314716A4786E29E027F


#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 30 May 2010 - 10:41 PM

Hello, Da64u.
Good to hear

You had the newest variant of TDSS (TDL3). It's a really advanced rootkit that patches a random Windows driver. However, if you query that driver (e.g. ask for its file size, or modification date, etc.), the rootkit will provide you with the correct information, so there's no way of determining that the driver is non-legit without the use of an advanced rootkit program such as GMER.

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "<<Back" button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
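Added example, not part of the thread or of any tool named in it: the practical consequence of the post above is that a patched driver cannot be trusted to describe itself while the rootkit is running, so its bytes have to be read from somewhere the rootkit is not (the disk attached to a clean Windows system or WinPE) and compared against a known-good copy. The script assumes the suspect volume is mounted at the drive letter in $SuspectRoot and that $BaselineRoot is a clean install of the same Windows version and service pack; both paths are placeholders. In this thread the ESET log later shows the quarantined copy of mouclass.sys as the infected driver, which is exactly the kind of file this comparison would surface.

```powershell
# Added example (not from the BleepingComputer thread): offline driver integrity check.
# Assumptions: the suspect disk is attached to a CLEAN Windows/WinPE system as $SuspectRoot,
# and $BaselineRoot is a known-good install of the same Windows version + service pack.
# Running this on the live, infected machine is pointless: a kernel-mode rootkit such as
# TDL3 hands the original bytes back to any process that reads the patched driver.
# Requires PowerShell 4.0 or later for Get-FileHash.
param(
    [string]$SuspectRoot  = 'E:\Windows\System32\drivers',   # placeholder: mounted suspect volume
    [string]$BaselineRoot = 'C:\Windows\System32\drivers'    # placeholder: clean reference install
)

# Build name -> SHA-256 map from the known-good copy.
$baseline = @{}
Get-ChildItem -Path $BaselineRoot -Filter *.sys -File | ForEach-Object {
    $baseline[$_.Name.ToLower()] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
}

# Hash every driver on the suspect volume and report anything that differs from,
# or is missing from, the baseline.
$findings = foreach ($drv in Get-ChildItem -Path $SuspectRoot -Filter *.sys -File) {
    $name = $drv.Name.ToLower()
    $hash = (Get-FileHash -Path $drv.FullName -Algorithm SHA256).Hash

    $reason = $null
    if (-not $baseline.ContainsKey($name)) {
        $reason = 'not present in baseline'
    } elseif ($baseline[$name] -ne $hash) {
        $reason = 'hash differs from baseline'
    }

    if ($reason) {
        [pscustomobject]@{
            Driver      = $drv.Name
            SizeBytes   = $drv.Length
            LastWrite   = $drv.LastWriteTime
            FileVersion = $drv.VersionInfo.FileVersion
            SHA256      = $hash
            Reason      = $reason
        }
    }
}

if ($findings) {
    $findings | Sort-Object Driver | Format-Table -AutoSize
} else {
    'No driver differs from the baseline.'
}
```

A hash mismatch is not proof of infection on its own: a hotfix applied to one machine and not the other produces the same result, which is why the file version is printed alongside the hash. A driver whose version string matches the baseline exactly but whose hash does not is the case worth pulling into a disassembler or submitting to a scanner.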


#9 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 31 May 2010 - 08:40 AM

Here we go




C:\Program Files\Siber Systems\AI RoboForm\roboform.dll probably a variant of Win32/Rbot trojan
C:\Program Files\Stardock\Object Desktop\IconPackager\patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Win32/Olmarik.ZC trojan
Operating memory probably a variant of Win32/Rbot trojan


#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 31 May 2010 - 12:13 PM

Hello, Da64u.
Looks good!

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".




Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found in Foistware, and how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks Javascript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect you from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast!, Antivir and AVG Antivirus
    3. An antispyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

Some more links you might find of interest:

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
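Added example, not part of the post above: the six Internet Explorer settings in step 2 are stored as DWORD values under the Internet zone key (zone 3) in the registry, so they can be applied and verified from PowerShell instead of the dialog. The action IDs and their meanings are Microsoft's documented zone policy codes (0 = enable, 1 = prompt, 3 = disable); the mapping of each ID to the dialog text is given in the comments. The script writes the per-user key; if the Security_HKLM_only policy is set on the machine, IE reads the identical path under HKLM instead, and the script would need to target that hive.

```powershell
# Added example (not from the BleepingComputer thread): apply the Internet-zone
# hardening from the list above via the registry, then read it back and report drift.
# Zone 3 = Internet. Values: 0 = enable, 1 = prompt, 3 = disable.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$wanted = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                        -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                      -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked safe  -> Disable
    '1800' = 1   # Installation of desktop items                           -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME               -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains            -> Prompt
}

if (-not (Test-Path -Path $zone)) {
    throw "Internet zone key not found: $zone"
}

# Record the current values before touching anything, so the change can be reverted.
$before = Get-ItemProperty -Path $zone

foreach ($id in $wanted.Keys) {
    Set-ItemProperty -Path $zone -Name $id -Value $wanted[$id] -Type DWord
}

# Verify what IE will actually read. A setting that is still lower (more permissive)
# than requested means something else, typically a policy under HKLM, is overriding it.
$after = Get-ItemProperty -Path $zone
foreach ($id in $wanted.Keys) {
    $was = $before.$id
    $now = $after.$id
    $state = if ($now -eq $wanted[$id]) { 'ok' } else { "MISMATCH (read back $now)" }
    '{0}: was {1}, want {2}, {3}' -f $id, $was, $wanted[$id], $state
}
```

The read-back loop matters more than the write: the dialog and this script both edit HKCU, and on a managed machine the HKLM policy copy silently wins, so a value that refuses to change is a sign to check that hive rather than retry.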


#11 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 31 May 2010 - 06:46 PM

My last log did show infected files, and I specified not to delete infections so that I could review them first. The roboform.dll is a patch for my full version. What are the odds that it's malicious?

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 31 May 2010 - 06:48 PM

Hi!

It's highly unlikely that they are trojans as stated on the log if you've downloaded them from legitimate websites (which was my assumption). The third one belongs to Combofix, and will be removed once you uninstall combofix.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
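Added example, not part of the exchange above: before deleting or keeping a file that a heuristic signature reports as "probably a variant of", it is worth recording what can be verified about it. The script below, with the path from the ESET log as an assumed default, prints the file's version resource, SHA-256 and Authenticode status. A vendor DLL that was signed and then patched by a third-party "crack" shows Status HashMismatch (a signature is present but no longer matches the bytes), which is the expected outcome for the situation the poster describes; NotSigned only says the vendor never signed that build. The hash is what to compare against a fresh download from the vendor, or to look up on a multi-engine scanner, before trusting the file.

```powershell
# Added example (not from the BleepingComputer thread): triage a heuristically flagged file.
# The default path is the one ESET reported in the thread; change it for another file.
param([string]$Path = 'C:\Program Files\Siber Systems\AI RoboForm\roboform.dll')

$file = Get-Item -LiteralPath $Path
$sig  = Get-AuthenticodeSignature -FilePath $file.FullName
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Signer subject is only meaningful when a signature exists at all.
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

[pscustomobject]@{
    File        = $file.FullName
    SizeBytes   = $file.Length
    LastWrite   = $file.LastWriteTime
    Company     = $file.VersionInfo.CompanyName
    FileVersion = $file.VersionInfo.FileVersion
    SHA256      = $hash
    SignStatus  = $sig.Status      # Valid / NotSigned / HashMismatch / UnknownError ...
    Signer      = $signer
} | Format-List
```

The LastWrite timestamp is the other field to read critically: a DLL whose version resource claims the vendor's build but whose write time is the day a "patch" was run is a patched binary regardless of what any scanner calls it.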


#13 Da64u

Da64u
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 31 May 2010 - 06:55 PM

Ohhhh, GREAT. Thanks for your help man =]

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:06 AM

Posted 31 May 2010 - 07:00 PM

No problem! Glad to help

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM




