Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Firefox Targeting Competing VPN Sites With ProtonVPN Offer in New Test

Featured Deal: Get 95% Off the Certified Information Systems Security Professional Training Course

Photo

Search engine redirects

Started by Logan6901 , May 29 2010 10:22 PM

  • This topic is locked This topic is locked
11 replies to this topic

#1 Logan6901

Logan6901

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 29 May 2010 - 10:22 PM

I am having a problem getting rid of this search engine redirect bug. I have run both malwarebytes and spybot both have found items and removed them, but I am still getting redirected. Here are my latest Malware and hijack this logs. I already have the latest version of combofix download so if you need that log i can provide it also. thanks in advanced for the help.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4154

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/29/2010 11:11:24 PM
mbam-log-2010-05-29 (23-11-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 241592
Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45E23ECB-6D90-4423-80E4-78C3D62FC033}\RP1859\A0204761.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45E23ECB-6D90-4423-80E4-78C3D62FC033}\RP1861\A0206007.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:22 PM, on 5/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://research.flagler.edu:9253/lib/flagl...s/ebraryRdr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182477918953
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.11.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryphara...gamesplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab40641.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11786 bytes

BC AdBot (Login to Remove)

 

#2 Logan6901

Logan6901
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 30 May 2010 - 10:49 AM

Here are a few more logs to help out.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 11:34:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwtiakog.sys


---- System - GMER 1.0.15 ----

SSDT sppf.sys ZwCreateKey [0xF743A0E0]
SSDT sppf.sys ZwEnumerateKey [0xF7457CA2]
SSDT sppf.sys ZwEnumerateValueKey [0xF7458030]
SSDT sppf.sys ZwOpenKey [0xF743A0C0]
SSDT sppf.sys ZwQueryKey [0xF7458108]
SSDT sppf.sys ZwQueryValueKey [0xF7457F88]
SSDT sppf.sys ZwSetValueKey [0xF745819A]

INT 0x62 ? 898A8BF8
INT 0x63 ? 896BCBF8
INT 0x73 ? 896BCBF8
INT 0x82 ? 898A8BF8
INT 0xA4 ? 896BCBF8
INT 0xB4 ? 896BCBF8

---- Kernel code sections - GMER 1.0.15 ----

? hpbbfpic.sys The system cannot find the file specified. !
? sppf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B92718AC 5 Bytes JMP 896BC1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BDC360, 0x372FAD, 0xE8000020]
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7782760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[96] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[880] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E3000A
.text C:\WINDOWS\System32\svchost.exe[880] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898AA2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F746A93C] sppf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F746A990] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F743B040] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F743B13C] sppf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F743B0BE] sppf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F743B7FC] sppf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F743B6D2] sppf.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 896BC2D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F744AD92] sppf.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898A71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4D24F5AA-E77D-4F40-81B9-23CEDAD2C3BC} 890921F8
Device \Driver\usbuhci \Device\USBPDO-0 896BB1F8
Device \Driver\usbuhci \Device\USBPDO-1 896BB1F8
Device \Driver\usbuhci \Device\USBPDO-2 896BB1F8
Device \Driver\usbehci \Device\USBPDO-3 8965F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 899171F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 899171F8
Device \Driver\Cdrom \Device\CdRom0 8958A1F8
Device \Driver\Cdrom \Device\CdRom1 8958A1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 890921F8
Device \Driver\NetBT \Device\NetbiosSmb 890921F8
Device \Driver\usbuhci \Device\USBFDO-0 896BB1F8
Device \Driver\usbuhci \Device\USBFDO-1 896BB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8906F1F8
Device \Driver\usbuhci \Device\USBFDO-2 896BB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8906F1F8
Device \Driver\usbehci \Device\USBFDO-3 8965F1F8
Device \Driver\Ftdisk \Device\FtControl 899171F8
Device \FileSystem\Cdfs \Cdfs 8950F1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...

---- EOF - GMER 1.0.15 ----

[attachment=58911:Attach.txt]

Edited by Logan6901, 31 May 2010 - 10:16 AM.
Move to log forum. ~ OB

#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 31 May 2010 - 03:59 PM

Hello, Logan6901.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#4 Logan6901

Logan6901
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 31 May 2010 - 06:04 PM

here are the requested logs. Before I ran these I used a tutorial I found on another website and I think i might have fixed the problem.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Owner at 2010-05-31 18:58:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (5%) free of 38 GB
Total RAM: 1534 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:41 PM, on 5/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesDellSupportDSAgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsOwnerDesktopRSIT.exe
C:Program FilesTrend MicroHiJackThisOwner.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program FilesMSNToolbar3.0.1125.0msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program FilesMSNToolbar3.0.1125.0msneshellx.dll
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [DellSupportCenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P DellSupportCenter
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Microsoft Default Manager] "C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [updateMgr] "C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU..Run: [EA Core] "C:Program FilesElectronic ArtsEADMCore.exe" -silent
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://research.flagler.edu:9253/lib/flagl...s/ebraryRdr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182477918953
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.11.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryphara...gamesplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab40641.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSSystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSSystem32browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 11807 bytes

======Scheduled tasks folder======

C:WINDOWStasksAd-Aware Update (Weekly).job
C:WINDOWStasksAppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll []

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-07-30 308856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:Program FilesMSNToolbar3.0.1125.0msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:Program FilesJavajre6binjp2ssv.dll [2009-09-27 41760]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-09-27 73728]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:Program FilesMSNToolbar3.0.1125.0msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"IgfxTray"=C:WINDOWSSystem32igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:WINDOWSSystem32hkcmd.exe [2005-10-19 126976]
"SunJavaUpdateSched"=C:Program FilesJavajre6binjusched.exe [2009-09-27 149280]
"dscactivate"=C:Program FilesDell Support Centergs_agentcustomdsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:Program FilesDell Support Centerbinsprtcmd.exe [2009-05-21 206064]
"NvCplDaemon"=C:WINDOWSsystem32NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:WINDOWSsystem32NvMcTray.dll [2008-05-03 86016]
"Microsoft Default Manager"=C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe [2009-02-03 233304]
"GrooveMonitor"=C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:Program FilesQuickTimeqttask.exe [2010-03-17 421888]
"iTunesHelper"=C:Program FilesiTunesiTunesHelper.exe [2010-03-26 142120]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"DellSupport"=C:Program FilesDellSupportDSAgnt.exe [2007-03-15 460784]
"updateMgr"=C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe [2006-03-30 313472]
"EA Core"=C:Program FilesElectronic ArtsEADMCore.exe -silent []
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctugafnc]
C:Documents and SettingsOwnerLocal SettingsApplication Datawdrvkgiphjvdvvgxtssd.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDellSupportCenter]
C:Program FilesDell Support Centerbinsprtcmd.exe [2009-05-21 206064]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2010-03-26 142120]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregpp]
C:windowspp06.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPromoReg]
C:WINDOWSTemp_ex-08.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeqttask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsysfbtray]
c:windowsfreddy40.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsysldtray]
C:windowsld03.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-07-30 185896]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUniversal Installer]
C:Program FilesComcastUIUniversal Installeruinstaller.exe /fromrun /starthidden []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWalgreens PhotoShow Media Manager]
C:PROGRA~1WALGRE~1WALGRE~1dataXtrasmssysmgr.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:PROGRA~1AdobeACROBA~1.0ReaderREADER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:PROGRA~1KodakKODAKE~1binEASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"ose"=3
"Net Agent"=2
"IDriverT"=3
"DSBrokerService"=3
"bgsvcgen"=2
"McciCMService"=2
"SeaPort"=2

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
Kodak EasyShare software.lnk - C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalklmdb.sys]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkklmdb.sys]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesAresAres.exe"="C:Program FilesAresAres.exe:*:Enabled:Ares"
"C:WINDOWSsystem32LEXPPS.EXE"="C:WINDOWSsystem32LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe"="C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe:*:Enabled:EasyShare"
"C:Program FilesCommon FilesAOLLoaderaolload.exe"="C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader"
"C:Program FilesAIM7aim.exe"="C:Program FilesAIM7aim.exe:*:Enabled:AIM"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour Service"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-31 18:58:39 ----D---- C:rsit
2010-05-31 14:16:58 ----A---- C:TDSSKiller.2.3.2.0_31.05.2010_14.16.58_log.txt
2010-05-29 11:40:23 ----SHD---- C:Config.Msi
2010-05-29 10:51:29 ----D---- C:Documents and SettingsOwnerApplication DataYahoo!
2010-05-29 10:48:48 ----HDC---- C:WINDOWSie8
2010-05-29 10:40:49 ----D---- C:Program FilesMalwarebytes' Anti-Malware
2010-05-28 14:27:28 ----D---- C:Program FilesSpybot - Search & Destroy
2010-05-28 14:27:28 ----D---- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2010-05-28 13:39:55 ----D---- C:Program FilesTrend Micro
2010-05-26 03:00:24 ----HDC---- C:WINDOWS$NtUninstallKB981793$
2010-05-12 11:51:28 ----HDC---- C:WINDOWS$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-31 18:58:39 ----D---- C:WINDOWSPrefetch
2010-05-31 18:07:29 ----D---- C:WINDOWSsystem32CatRoot2
2010-05-31 14:20:35 ----D---- C:WINDOWStemp
2010-05-31 14:20:29 ----D---- C:WINDOWS
2010-05-31 14:19:35 ----A---- C:WINDOWSsystem32PARTIZAN.TXT
2010-05-31 14:19:20 ----D---- C:WINDOWSsystem32drivers
2010-05-31 14:18:31 ----A---- C:WINDOWSSchedLgU.Txt
2010-05-31 14:14:27 ----D---- C:WINDOWSsystem32
2010-05-29 23:13:09 ----D---- C:Program FilesYahoo!
2010-05-29 23:12:48 ----HDC---- C:WINDOWS$NtUninstallKB917734_WMP10$
2010-05-29 22:21:25 ----D---- C:Documents and SettingsAll UsersApplication DataYahoo!
2010-05-29 12:24:12 ----HD---- C:WINDOWSinf
2010-05-29 11:40:30 ----SHD---- C:WINDOWSInstaller
2010-05-29 11:40:27 ----D---- C:Program Files
2010-05-29 11:40:09 ----D---- C:Documents and SettingsAll UsersApplication DataLavasoft
2010-05-29 11:40:07 ----DC---- C:WINDOWSsystem32DRVSTORE
2010-05-29 11:40:00 ----D---- C:WINDOWSSxsCaPendDel
2010-05-29 11:32:40 ----SD---- C:WINDOWSTasks
2010-05-29 10:56:21 ----D---- C:WINDOWSsystem32en-US
2010-05-29 10:56:20 ----RSHDC---- C:WINDOWSsystem32dllcache
2010-05-29 10:56:20 ----D---- C:WINDOWSMedia
2010-05-29 10:56:20 ----D---- C:WINDOWSHelp
2010-05-29 10:56:20 ----D---- C:Program FilesInternet Explorer
2010-05-28 14:29:49 ----D---- C:WINDOWSWinSxS
2010-05-28 14:15:22 ----D---- C:WINDOWSnetwork diagnostic
2010-05-28 12:27:59 ----ASH---- C:boot.ini
2010-05-28 12:27:59 ----A---- C:WINDOWSwin.ini
2010-05-28 12:27:59 ----A---- C:WINDOWSsystem.ini
2010-05-28 11:55:52 ----HDC---- C:WINDOWS$NtUninstallKB929123$
2010-05-26 19:42:11 ----D---- C:Program FilesElectronic Arts
2010-05-26 19:42:11 ----D---- C:Documents and SettingsAll UsersApplication DataElectronic Arts
2010-05-26 19:41:19 ----D---- C:Program FilesCoupons
2010-05-26 03:00:30 ----A---- C:WINDOWSimsins.BAK
2010-05-12 11:52:22 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2010-05-12 11:51:30 ----D---- C:Program FilesOutlook Express
2010-05-12 03:11:43 ----HD---- C:WINDOWS$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:WINDOWSsystem32driverscdrbsdrv.sys [2005-05-11 32256]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:WINDOWSSYSTEM32DRIVERSOMCI.SYS [2001-08-22 13632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2003-07-16 12032]
R2 dsunidrv;DellSupport UniDriver; C:WINDOWSSystem32DRIVERSdsunidrv.sys [2007-02-25 5376]
R2 symlcbrd;symlcbrd; ??C:WINDOWSSystem32driverssymlcbrd.sys []
R3 aeaudio;aeaudio; C:WINDOWSsystem32driversaeaudio.sys [2002-04-01 4816]
R3 DSproct;DSproct; ??C:Program FilesDellSupportGTActiontriggersDSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSYSTEM32DRIVERSGEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:WINDOWSSystem32DRIVERSIntelC51.sys [2003-11-20 1232741]
R3 IntelC52;IntelC52; C:WINDOWSSystem32DRIVERSIntelC52.sys [2003-11-20 646825]
R3 IntelC53;IntelC53; C:WINDOWSSystem32DRIVERSIntelC53.sys [2003-11-20 59717]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:WINDOWSsystem32driversMODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:WINDOWSSystem32DRIVERSmohfilt.sys [2003-11-20 37048]
R3 mouhid;Mouse HID Driver; C:WINDOWSSystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-05-03 6554496]
R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:WINDOWSSystem32DRIVERSRT2500.sys [2005-10-20 243328]
R3 smwdm;smwdm; C:WINDOWSsystem32driverssmwdm.sys [2003-11-18 591808]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSSystem32DRIVERSusbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:WINDOWSSystem32DRIVERSbcm4sbxp.sys [2003-06-30 43136]
S3 bvrp_pci;bvrp_pci; ??C:WINDOWSSystem32driversbvrp_pci.sys []
S3 fwtiakog;fwtiakog; ??C:DOCUME~1OwnerLOCALS~1Tempfwtiakog.sys []
S3 ialm;ialm; C:WINDOWSSystem32DRIVERSialmnt5.sys [2005-10-19 807998]
S3 MREMP50;MREMP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50.SYS []
S3 Partizan;Partizan; C:WINDOWSsystem32driversPartizan.sys [2008-08-26 30946]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; ??C:WINDOWSsystem32PCTINDIS5.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2009-10-16 41472]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:WINDOWSsystem32DRIVERSzd1211Bu.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2010-02-12 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-09-27 153376]
R2 LexBceS;LexBce Server; C:WINDOWSsystem32LEXBCES.EXE [2004-03-04 311296]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-05-03 159812]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:Program FilesDell Support Centerbinsprtsvc.exe [2008-08-13 201968]
R2 Symantec Core LC;Symantec Core LC; C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe [2007-06-21 1174664]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:Program FilesViewpointCommonViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:Program FilesiPodbiniPodService.exe [2010-03-26 545576]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
S4 DSBrokerService;DSBrokerService; C:Program FilesDellSupportbrkrsvc.exe [2007-03-07 76848]
S4 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe [2005-04-04 69632]
S4 McciCMService;McciCMService; C:Program FilesCommon FilesMotiveMcciCMService.exe [2008-02-21 303104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S4 SeaPort;SeaPort; C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe [2009-05-19 240512]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-05-31 18:58:42

======Uninstall list======

-->C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Flash Player 10 ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11.5-->"C:WINDOWSsystem32AdobeShockwave 11uninstaller.exe"
AIM 7-->C:Program FilesAIM7uninst.exe
AOL Uninstaller (Choose which Products to Remove)-->C:Program FilesCommon FilesAOLuninstaller.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.1.1-->"C:Program FilesAresuninstall.exe"
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Broadcom 440x 10/100 Integrated Controller-->C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Driver Installer-->C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Dell Photo Printer 720-->C:WINDOWSSystem32spooldriversw32x863DLBCUN5C.EXE -dDell Photo Printer 720
Dell ResourceCD-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D78653C3-A8FF-415F-92E6-D774E634FF2D}setup.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Download Updater (AOL LLC)-->C:Program FilesCommon FilesSoftware Update Utilityuninstall.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:WINDOWS$NtUninstallKB976098-v2$spuninstspuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:WINDOWS$NtUninstallKB979306$spuninstspuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:WINDOWS$NtUninstallKB981793$spuninstspuninst.exe"
InstallMgr-->MsiExec.exe /I{98177940-C048-4831-A279-F3888B1E2C7F}
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:WINDOWSSystem32ialmrem.dll,UninstallW2KIGfx PCIVEN_8086&DEV_2562
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iPod for Windows 2005-03-23-->C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2005-09-23-->C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IrfanView (remove only)-->C:Program FilesIrfanViewiv_uninstall.exe
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software-->C:Documents and SettingsAll UsersApplication DataKodakEasyShareSetup$SETUP_1e0002_9ee7d42Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:Program FilesMalwarebytes' Anti-Malwareunins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe" "C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM953297M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Default Manager-->MsiExec.exe /I{B7148D71-0A8F-4501-96B4-4E1CC67F874E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->"C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:WINDOWSINFmsninst.inf,Uninstall
MSN Toolbar-->"C:Program FilesMicrosoftSearch Enhancement PackInstallMgrInstallMgr.exe"
MSN Toolbar-->MsiExec.exe /X{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Enterprise Edition-->C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:WINDOWSsystem32nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:WINDOWSie7updatesKB961260-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:WINDOWSie7updatesKB963027-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:WINDOWSie7updatesKB969897-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:WINDOWSie7updatesKB972260-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:WINDOWSie7updatesKB974455-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:WINDOWSie7updatesKB976325-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:WINDOWSie7updatesKB978207-IE7spuninstspuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:WINDOWS$NtUninstallKB954155_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:WINDOWS$NtUninstallKB917734_WMP10$spuninstspuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:WINDOWS$NtUninstallKB936782_WMP10$spuninstspuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe"
Security Update for Windows XP (KB923561)-->"C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe"
Security Update for Windows XP (KB938464)-->"C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe"
Security Update for Windows XP (KB941569)-->"C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe"
Security Update for Windows XP (KB946648)-->"C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe"
Security Update for Windows XP (KB950760)-->"C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe"
Security Update for Windows XP (KB950762)-->"C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe"
Security Update for Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Security Update for Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Security Update for Windows XP (KB951376)-->"C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe"
Security Update for Windows XP (KB951698)-->"C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe"
Security Update for Windows XP (KB951748)-->"C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe"
Security Update for Windows XP (KB952004)-->"C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe"
Security Update for Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Security Update for Windows XP (KB953839)-->"C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe"
Security Update for Windows XP (KB954211)-->"C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe"
Security Update for Windows XP (KB954459)-->"C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe"
Security Update for Windows XP (KB954600)-->"C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe"
Security Update for Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Security Update for Windows XP (KB956391)-->"C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe"
Security Update for Windows XP (KB956572)-->"C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe"
Security Update for Windows XP (KB956744)-->"C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe"
Security Update for Windows XP (KB956802)-->"C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe"
Security Update for Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Security Update for Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Security Update for Windows XP (KB956844)-->"C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe"
Security Update for Windows XP (KB957095)-->"C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe"
Security Update for Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Security Update for Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Security Update for Windows XP (KB958687)-->"C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe"
Security Update for Windows XP (KB958690)-->"C:WINDOWS$NtUninstallKB958690$spuninstspuninst.exe"
Security Update for Windows XP (KB958869)-->"C:WINDOWS$NtUninstallKB958869$spuninstspuninst.exe"
Security Update for Windows XP (KB959426)-->"C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe"
Security Update for Windows XP (KB960225)-->"C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe"
Security Update for Windows XP (KB960715)-->"C:WINDOWS$NtUninstallKB960715$spuninstspuninst.exe"
Security Update for Windows XP (KB960803)-->"C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe"
Security Update for Windows XP (KB960859)-->"C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe"
Security Update for Windows XP (KB961371)-->"C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe"
Security Update for Windows XP (KB961373)-->"C:WINDOWS$NtUninstallKB961373$spuninstspuninst.exe"
Security Update for Windows XP (KB961501)-->"C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe"
Security Update for Windows XP (KB968537)-->"C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe"
Security Update for Windows XP (KB969059)-->"C:WINDOWS$NtUninstallKB969059$spuninstspuninst.exe"
Security Update for Windows XP (KB969898)-->"C:WINDOWS$NtUninstallKB969898$spuninstspuninst.exe"
Security Update for Windows XP (KB969947)-->"C:WINDOWS$NtUninstallKB969947$spuninstspuninst.exe"
Security Update for Windows XP (KB970238)-->"C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe"
Security Update for Windows XP (KB970430)-->"C:WINDOWS$NtUninstallKB970430$spuninstspuninst.exe"
Security Update for Windows XP (KB971468)-->"C:WINDOWS$NtUninstallKB971468$spuninstspuninst.exe"
Security Update for Windows XP (KB971486)-->"C:WINDOWS$NtUninstallKB971486$spuninstspuninst.exe"
Security Update for Windows XP (KB971557)-->"C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe"
Security Update for Windows XP (KB971633)-->"C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe"
Security Update for Windows XP (KB971657)-->"C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe"
Security Update for Windows XP (KB971961)-->"C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe"
Security Update for Windows XP (KB972270)-->"C:WINDOWS$NtUninstallKB972270$spuninstspuninst.exe"
Security Update for Windows XP (KB973346)-->"C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe"
Security Update for Windows XP (KB973354)-->"C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe"
Security Update for Windows XP (KB973507)-->"C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe"
Security Update for Windows XP (KB973525)-->"C:WINDOWS$NtUninstallKB973525$spuninstspuninst.exe"
Security Update for Windows XP (KB973869)-->"C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe"
Security Update for Windows XP (KB973904)-->"C:WINDOWS$NtUninstallKB973904$spuninstspuninst.exe"
Security Update for Windows XP (KB974112)-->"C:WINDOWS$NtUninstallKB974112$spuninstspuninst.exe"
Security Update for Windows XP (KB974318)-->"C:WINDOWS$NtUninstallKB974318$spuninstspuninst.exe"
Security Update for Windows XP (KB974392)-->"C:WINDOWS$NtUninstallKB974392$spuninstspuninst.exe"
Security Update for Windows XP (KB974571)-->"C:WINDOWS$NtUninstallKB974571$spuninstspuninst.exe"
Security Update for Windows XP (KB975025)-->"C:WINDOWS$NtUninstallKB975025$spuninstspuninst.exe"
Security Update for Windows XP (KB975467)-->"C:WINDOWS$NtUninstallKB975467$spuninstspuninst.exe"
Security Update for Windows XP (KB975560)-->"C:WINDOWS$NtUninstallKB975560$spuninstspuninst.exe"
Security Update for Windows XP (KB975561)-->"C:WINDOWS$NtUninstallKB975561$spuninstspuninst.exe"
Security Update for Windows XP (KB975713)-->"C:WINDOWS$NtUninstallKB975713$spuninstspuninst.exe"
Security Update for Windows XP (KB977165)-->"C:WINDOWS$NtUninstallKB977165$spuninstspuninst.exe"
Security Update for Windows XP (KB977816)-->"C:WINDOWS$NtUninstallKB977816$spuninstspuninst.exe"
Security Update for Windows XP (KB977914)-->"C:WINDOWS$NtUninstallKB977914$spuninstspuninst.exe"
Security Update for Windows XP (KB978037)-->"C:WINDOWS$NtUninstallKB978037$spuninstspuninst.exe"
Security Update for Windows XP (KB978251)-->"C:WINDOWS$NtUninstallKB978251$spuninstspuninst.exe"
Security Update for Windows XP (KB978262)-->"C:WINDOWS$NtUninstallKB978262$spuninstspuninst.exe"
Security Update for Windows XP (KB978338)-->"C:WINDOWS$NtUninstallKB978338$spuninstspuninst.exe"
Security Update for Windows XP (KB978542)-->"C:WINDOWS$NtUninstallKB978542$spuninstspuninst.exe"
Security Update for Windows XP (KB978601)-->"C:WINDOWS$NtUninstallKB978601$spuninstspuninst.exe"
Security Update for Windows XP (KB978706)-->"C:WINDOWS$NtUninstallKB978706$spuninstspuninst.exe"
Security Update for Windows XP (KB979309)-->"C:WINDOWS$NtUninstallKB979309$spuninstspuninst.exe"
Security Update for Windows XP (KB979683)-->"C:WINDOWS$NtUninstallKB979683$spuninstspuninst.exe"
Security Update for Windows XP (KB980232)-->"C:WINDOWS$NtUninstallKB980232$spuninstspuninst.exe"
Security Update for Windows XP (KB981349)-->"C:WINDOWS$NtUninstallKB981349$spuninstspuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoundMAX-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}Setup.exe"
Spybot - Search & Destroy-->"C:Program FilesSpybot - Search & Destroyunins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Superman Returns Screen Saver-->C:WINDOWSSystem32Superman Returns.scr /u
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
The Simsâ„¢ 3 World Adventures-->"C:Program FilesInstallShield Installation Information{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}setup.exe" -runfromtemp -l0x0009 -removeonly
The Simsâ„¢ 3-->"C:Program FilesInstallShield Installation Information{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}setup.exe" -runfromtemp -l0x0009 -removeonly
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update for Windows Internet Explorer 7 (KB976749)-->"C:WINDOWSie7updatesKB976749-IE7spuninstspuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:WINDOWSie7updatesKB980182-IE7spuninstspuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe"
Update for Windows XP (KB951978)-->"C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe"
Update for Windows XP (KB955759)-->"C:WINDOWS$NtUninstallKB955759$spuninstspuninst.exe"
Update for Windows XP (KB955839)-->"C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe"
Update for Windows XP (KB967715)-->"C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe"
Update for Windows XP (KB968389)-->"C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe"
Update for Windows XP (KB971737)-->"C:WINDOWS$NtUninstallKB971737$spuninstspuninst.exe"
Update for Windows XP (KB973687)-->"C:WINDOWS$NtUninstallKB973687$spuninstspuninst.exe"
Update for Windows XP (KB973815)-->"C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe"
Viewpoint Media Player-->C:Program FilesViewpointViewpoint Media PlayermtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:WINDOWSsystem32msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Imaging Component-->"C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe"
Windows Internet Explorer 8-->"C:WINDOWSie8spuninstspuninst.exe"
Windows Media Format 11 runtime-->"C:Program FilesWindows Media Playerwmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
Windows Media Player 11-->"C:Program FilesWindows Media PlayerSetup_wm.exe" /Uninstall
Windows Media Player 11-->"C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe"
Windows XP Service Pack 3-->"C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

=====HijackThis Backups=====

O4 - HKUSS-1-5-18..Run: [userinit] C:WINDOWSsystem32sdra64.exe (User 'SYSTEM') [2010-05-28]
O4 - Global Startup: moffice.lnk = C:WINDOWSsystemsgcxcxxaspf080816.exe [2010-05-29]
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555 [2010-05-30]

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: PERSONAL-PUAFAP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 113425
Source Name: Tcpip
Time Written: 20100513134700.000000-240
Event Type: warning
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 113424
Source Name: Tcpip
Time Written: 20100513061152.000000-240
Event Type: warning
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 113423
Source Name: Tcpip
Time Written: 20100513022850.000000-240
Event Type: warning
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 113422
Source Name: Tcpip
Time Written: 20100513003624.000000-240
Event Type: warning
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 113421
Source Name: Tcpip
Time Written: 20100512232910.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: PERSONAL-PUAFAP
Event Code: 5000
Message: EventType offdiag12, P1 a1d01cbc-a934-4622-b8d0-c00f58a503ee07e42f5c-6bf4-4b73-8ae4-93f9ff036280, P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 20576
Source Name: Microsoft Office 12
Time Written: 20090609181037.000000-240
Event Type: error
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 20568
Source Name: Application Hang
Time Written: 20090601155444.000000-240
Event Type: error
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 101
Message:
Record Number: 20559
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090529183707.000000-240
Event Type: error
User: PERSONAL-PUAFAPOwner

Computer Name: PERSONAL-PUAFAP
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 20519
Source Name: Application Hang
Time Written: 20090528232107.000000-240
Event Type: error
User:

Computer Name: PERSONAL-PUAFAP
Event Code: 1517
Message: Windows saved user PERSONAL-PUAFAPOwner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 20450
Source Name: Userenv
Time Written: 20090527155831.000000-240
Event Type: warning
User: NT AUTHORITYSYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesATI TechnologiesATI.ACE;C:Program FilesQuickTimeQTSystem;C:Program FilesQuickTimeQTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:Program FilesJavajre6libextQTJava.zip
"QTJAVA"=C:Program FilesJavajre6libextQTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 18:03:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:DOCUME~1OwnerLOCALS~1Tempfwtiakog.sys


---- System - GMER 1.0.15 ----

SSDT spyk.sys ZwCreateKey [0xF743A0E0]
SSDT spyk.sys ZwEnumerateKey [0xF7457CA2]
SSDT spyk.sys ZwEnumerateValueKey [0xF7458030]
SSDT spyk.sys ZwOpenKey [0xF743A0C0]
SSDT spyk.sys ZwQueryKey [0xF7458108]
SSDT spyk.sys ZwQueryValueKey [0xF7457F88]
SSDT spyk.sys ZwSetValueKey [0xF745819A]

INT 0x62 ? 898A8BF8
INT 0x63 ? 8973EBF8
INT 0x73 ? 8973EBF8
INT 0x82 ? 898A8BF8
INT 0xA4 ? 8973EBF8
INT 0xB4 ? 8973EBF8

---- Devices - GMER 1.0.15 ----

Device FileSystemNtfs Ntfs 898A71F8
Device DriverNetBT DeviceNetBT_Tcpip_{4D24F5AA-E77D-4F40-81B9-23CEDAD2C3BC} 891411F8
Device Driverusbuhci DeviceUSBPDO-0 8973D1F8
Device Driverusbuhci DeviceUSBPDO-1 8973D1F8
Device Driverusbuhci DeviceUSBPDO-2 8973D1F8
Device Driverusbehci DeviceUSBPDO-3 8971A1F8
Device DriverFtdisk DeviceHarddiskVolume1 899171F8
Device DriverFtdisk DeviceHarddiskVolume2 899171F8
Device DriverCdrom DeviceCdRom0 896001F8
Device DriverCdrom DeviceCdRom1 896001F8
Device Driveratapi DeviceIdeIdePort0 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdeDeviceP0T0L0-4 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdePort1 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdeDeviceP0T1L0-c [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdeDeviceP1T0L0-18 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device Driveratapi DeviceIdeIdeDeviceP1T1L0-20 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device DriverNetBT DeviceNetBt_Wins_Export 891411F8
Device DriverNetBT DeviceNetbiosSmb 891411F8
Device Driverusbuhci DeviceUSBFDO-0 8973D1F8
Device Driverusbuhci DeviceUSBFDO-1 8973D1F8
Device FileSystemMRxSmb DeviceLanmanDatagramReceiver 8911F1F8
Device Driverusbuhci DeviceUSBFDO-2 8973D1F8
Device FileSystemMRxSmb DeviceLanmanRedirector 8911F1F8
Device Driverusbehci DeviceUSBFDO-3 8971A1F8
Device DriverFtdisk DeviceFtControl 899171F8
Device FileSystemCdfs Cdfs 895E1500

---- Registry - GMER 1.0.15 ----

Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x1A 0x8B 0x0A ...

---- EOF - GMER 1.0.15 ----

#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 31 May 2010 - 06:09 PM

Hello, Logan6901.
Are you still getting those redirects after attempting to fix your PC? Please post the contents of C:\TDSSKiller.2.3.2.0_31.05.2010_14.16.58_log.txt

Viewpoint Warning!

Your logs show Viewpoint Manager installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

Viewpoint to Plunge Into Adware

I suggest you remove the program now. Go to Start > Control Panel > Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player



We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. ClickMode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


NEXT:

We need to run an MBR scan
  1. Please download MBR.exe and save it to your root directory (usually C:\).
  2. Now click Start > Run and copy/paste the following text in the box that opens. Do not copy the word "code".
    CODE
    C:\mbr.exe -t
  3. Press enter.
  4. An mbr.log should be created in your root directory. Please post its contents in your next reply.

In your next reply, please include the following:
  • mbr.exe log
  • TDSSKiller log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#6 Logan6901

Logan6901
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 31 May 2010 - 06:21 PM

After what I tried before it seems to have fixed the redirect problem. Here are the logs that you requested.


14:16:58:093 2096 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:16:58:093 2096 ================================================================================
14:16:58:093 2096 SystemInfo:

14:16:58:093 2096 OS Version: 5.1.2600 ServicePack: 3.0
14:16:58:093 2096 Product type: Workstation
14:16:58:093 2096 ComputerName: PERSONAL-PUAFAP
14:16:58:093 2096 UserName: Owner
14:16:58:093 2096 Windows directory: C:\WINDOWS
14:16:58:093 2096 Processor architecture: Intel x86
14:16:58:093 2096 Number of processors: 1
14:16:58:093 2096 Page size: 0x1000
14:16:58:093 2096 Boot type: Normal boot
14:16:58:093 2096 ================================================================================
14:16:58:750 2096 Initialize success
14:16:58:750 2096
14:16:58:750 2096 Scanning Services ...
14:16:59:640 2096 Raw services enum returned 345 services
14:16:59:656 2096
14:16:59:656 2096 Scanning Drivers ...
14:17:01:500 2096 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:17:01:812 2096 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:17:02:156 2096 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
14:17:02:546 2096 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:17:02:843 2096 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:17:04:109 2096 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:17:04:281 2096 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:17:04:781 2096 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:17:04:921 2096 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:17:05:000 2096 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
14:17:05:093 2096 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:17:05:296 2096 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys
14:17:05:406 2096 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:17:05:781 2096 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:17:06:000 2096 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:17:06:093 2096 cdrbsdrv (248349293ca42ee5db61dc1fd85a2f49) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:17:06:546 2096 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:17:07:593 2096 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:17:08:015 2096 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:17:08:890 2096 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:17:09:328 2096 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:17:09:578 2096 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:17:10:062 2096 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:17:10:296 2096 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:17:10:734 2096 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
14:17:11:031 2096 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:17:11:421 2096 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:17:11:625 2096 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:17:11:859 2096 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:17:12:000 2096 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:17:12:125 2096 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:17:12:218 2096 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:17:12:296 2096 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:17:12:593 2096 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:17:12:781 2096 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:17:12:890 2096 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:17:13:265 2096 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:17:13:718 2096 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:17:14:062 2096 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:17:14:875 2096 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:17:15:687 2096 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
14:17:16:031 2096 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
14:17:16:265 2096 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
14:17:16:578 2096 IntelIde (f616db836284d6d214897f3776b7e2f2) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:17:16:578 2096 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelide.sys. Real md5: f616db836284d6d214897f3776b7e2f2, Fake md5: b5466a9250342a7aa0cd1fba13420678
14:17:16:578 2096 File "C:\WINDOWS\system32\DRIVERS\intelide.sys" infected by TDSS rootkit ... 14:17:21:687 2096 Backup copy found, using it..
14:17:24:046 2096 will be cured on next reboot
14:17:24:328 2096 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:17:24:562 2096 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:17:24:796 2096 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:17:25:156 2096 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:17:25:390 2096 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:17:25:593 2096 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:17:25:734 2096 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:17:25:968 2096 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:17:26:250 2096 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:17:26:453 2096 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:17:26:609 2096 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:17:26:843 2096 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:17:27:125 2096 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:17:27:406 2096 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:17:27:500 2096 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:17:27:593 2096 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:17:27:656 2096 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
14:17:27:875 2096 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:17:27:953 2096 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:17:28:062 2096 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:17:28:343 2096 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:17:28:546 2096 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:17:28:734 2096 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:17:28:968 2096 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:17:29:343 2096 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:17:29:750 2096 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:17:30:015 2096 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:17:30:203 2096 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:17:30:406 2096 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:17:30:625 2096 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:17:30:812 2096 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:17:31:125 2096 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:17:31:328 2096 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:17:31:562 2096 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:17:31:765 2096 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:17:32:046 2096 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:17:32:328 2096 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:17:32:531 2096 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:17:32:875 2096 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:17:33:296 2096 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:17:34:718 2096 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:17:37:187 2096 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:17:37:484 2096 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:17:37:750 2096 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
14:17:38:078 2096 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:17:38:343 2096 Partizan (2a3a0696a4d9011165fbd7b9de0112a7) C:\WINDOWS\system32\drivers\Partizan.sys
14:17:38:593 2096 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:17:38:843 2096 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:17:39:093 2096 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:17:39:484 2096 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:17:39:765 2096 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:17:40:984 2096 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:17:41:187 2096 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:17:41:453 2096 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:17:41:718 2096 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:17:41:968 2096 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:17:44:328 2096 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:17:44:859 2096 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:17:45:421 2096 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:17:45:843 2096 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:17:46:453 2096 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:17:47:000 2096 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:17:47:500 2096 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:17:48:015 2096 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:17:48:593 2096 RT2500 (e2988349fe0567cbe4161cc653575a8e) C:\WINDOWS\system32\DRIVERS\RT2500.sys
14:17:49:171 2096 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:17:49:609 2096 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:17:50:109 2096 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:17:50:312 2096 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:17:51:296 2096 smwdm (99a9e1ef62f955c82a5001ac94b4b77b) C:\WINDOWS\system32\drivers\smwdm.sys
14:17:52:578 2096 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:17:53:281 2096 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
14:17:53:281 2096 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
14:17:53:750 2096 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:17:54:468 2096 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:17:55:000 2096 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:17:55:312 2096 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:17:56:343 2096 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\System32\drivers\symlcbrd.sys
14:17:57:562 2096 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:17:58:031 2096 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:17:58:734 2096 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:17:59:218 2096 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:17:59:687 2096 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:00:484 2096 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:01:640 2096 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:02:453 2096 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:18:03:203 2096 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:03:828 2096 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:18:04:468 2096 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:05:015 2096 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:18:05:609 2096 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:18:06:312 2096 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:06:890 2096 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:18:07:531 2096 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:18:08:546 2096 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:09:156 2096 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:09:546 2096 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:10:187 2096 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:18:10:875 2096 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:18:11:453 2096 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:18:12:015 2096 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:18:12:468 2096 Reboot required for cure complete..
14:18:13:906 2096 Cure on reboot scheduled successfully
14:18:13:906 2096
14:18:13:906 2096 Completed
14:18:13:906 2096
14:18:13:906 2096 Results:
14:18:13:906 2096 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:18:13:906 2096 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:18:13:906 2096
14:18:13:921 2096 KLMD(ARK) unloaded successfully



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spyk.sys hal.dll >>UNKNOWN [0x898C8938]<<
kernel: MBR read successfully
user & kernel MBR OK



#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 31 May 2010 - 06:24 PM

Hello, Logan6901.
Looks like we got a few other things still there.

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper

In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#8 Logan6901

Logan6901
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 31 May 2010 - 08:17 PM



ComboFix 10-05-31.02 - Owner 05/31/2010 21:03:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1202 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system32\inf
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-05-31 23:19 . 2010-05-31 23:18 77312 ----a-w- C:\mbr.exe
2010-05-31 23:14 . 2010-05-31 23:14 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-05-31 23:14 . 2010-05-31 23:14 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-05-31 23:14 . 2010-05-31 23:14 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-05-31 23:14 . 2010-05-31 23:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-05-31 23:13 . 2010-05-31 23:13 -------- d-----w- c:\program files\Common Files\Acronis
2010-05-31 23:13 . 2010-05-31 23:13 -------- d-----w- c:\program files\Acronis
2010-05-31 22:58 . 2010-05-31 22:58 -------- d-----w- C:\rsit
2010-05-29 15:19 . 2010-05-29 15:19 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-29 15:06 . 2010-05-29 15:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 15:02 . 2010-05-29 15:02 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-05-29 15:00 . 2010-05-29 15:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-05-29 15:00 . 2010-05-29 15:00 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-05-29 14:57 . 2010-05-29 14:57 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-05-29 14:51 . 2010-05-29 14:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-05-29 14:48 . 2010-05-29 14:50 -------- dc-h--w- c:\windows\ie8
2010-05-29 14:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 14:40 . 2010-05-29 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 14:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 03:35 . 2010-05-29 03:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-29 03:35 . 2010-05-29 03:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-28 18:38 . 2010-05-28 18:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-28 18:27 . 2010-05-28 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-28 18:27 . 2010-05-28 19:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 17:39 . 2010-05-28 17:39 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 23:16 . 2005-10-11 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-31 18:19 . 2005-10-10 20:27 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-05-30 03:13 . 2006-06-15 21:01 -------- d-----w- c:\program files\Yahoo!
2010-05-30 02:21 . 2006-10-01 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-29 15:40 . 2007-06-22 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-26 23:42 . 2009-06-02 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-05-26 23:42 . 2009-06-02 17:01 -------- d-----w- c:\program files\Electronic Arts
2010-05-26 23:41 . 2010-04-17 21:29 -------- d-----w- c:\program files\Coupons
2010-05-12 15:52 . 2008-02-17 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-08 13:42 . 2008-02-18 14:19 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-07 20:36 . 2010-04-07 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-07 20:36 . 2010-04-07 20:32 -------- d-----w- c:\program files\iTunes
2010-04-07 20:33 . 2005-10-28 04:04 -------- d-----w- c:\program files\iPod
2010-04-07 20:32 . 2009-04-10 02:21 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 20:28 . 2010-02-24 04:28 -------- d-----w- c:\program files\AIM Toolbar
2010-04-07 14:56 . 2010-04-07 14:54 -------- d-----w- c:\program files\QuickTime
2010-04-07 14:50 . 2010-04-07 14:50 -------- d-----w- c:\program files\Bonjour
2010-04-07 14:38 . 2010-04-07 14:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2008-08-26 05:16 . 2008-08-26 05:16 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 149280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-30 15:17 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Net Agent"=2 (0x2)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"bgsvcgen"=2 (0x2)
"McciCMService"=2 (0x2)
"SeaPort"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/17/2008 1:03 PM 716272]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [8/26/2008 1:17 AM 30946]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - TDRPMAN
*NewlyCreated* - TIFSFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://aolsvc.aol.com/onlinegames/free-trial-wedding-dash-2/WeddingDash2Web.1.0.0.11.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/trypharaoh/zylomgamesplayer.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
Notify-AtiExtEvent - (no file)
SafeBoot-klmdb.sys
SafeBoot-aawservice
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-ctugafnc - c:\documents and settings\Owner\Local Settings\Application Data\wdrvkgiph\jvdvvgxtssd.exe
MSConfigStartUp-pp - c:\windows\pp06.exe
MSConfigStartUp-PromoReg - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-sysfbtray - c:\windows\freddy40.exe
MSConfigStartUp-sysldtray - c:\windows\ld03.exe
MSConfigStartUp-Universal Installer - c:\program files\ComcastUI\Universal Installer\uinstaller.exe
MSConfigStartUp-Walgreens PhotoShow Media Manager - c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
AddRemove-AOL Uninstaller - c:\program files\Common Files\AOL\uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,c0,39,da,1d,03,8e,00,3f,e7,32,1c,46,b8,3a,13,f9,18,6b,66,f6,
9a,a3,bb,40,5a,40,9b,bf,5b,e3,70,31,ab,c2,8e,64,72,42,f2,25,ff,e0,aa,2f,c8,\
"rkeysecu"=hex:02,0f,3d,62,d3,15,00,d8,7a,45,41,e6,1a,46,d6,9e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-05-31 21:13:26
ComboFix-quarantined-files.txt 2010-06-01 01:13
ComboFix2.txt 2008-08-26 16:33

Pre-Run: 1,611,190,272 bytes free
Post-Run: 1,559,818,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - E407CAABB8BA3BFAAB0593F9F4BC4064

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 31 May 2010 - 09:24 PM

Hello, Logan6901.
That's much better smile.gif

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 20 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "< button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#10 Logan6901

Logan6901
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
    •  
  • Local time:12:05 AM

Posted 01 June 2010 - 05:26 PM

here is the log. sorry it took so long I set it to scan last night and apparently I lost power. So I had to run the scan again.

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp0_631290500918.bk.vir a variant of Win32/Adware.Coolezweb application
C:\WINDOWS\system32\drivers\setup\hosts\hostsmon.exe probably a variant of Win32/Small trojan

#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 02 June 2010 - 02:24 AM

Hello, Logan6901.
No problem at all smile.gif

Please navigate through and delete the following file:
C:\WINDOWS\system32\drivers\setup\hosts\hostsmon.exe

NEXT:

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".

NEXT:

We need to enable TeaTimer
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. ClickMode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Check the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy



Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean smile.gif

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be weary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks Javascript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect your from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

Some more links you might find of interest:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:05 AM

Posted 03 June 2010 - 11:02 PM

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·