
IE searches hijacked, deleted Hiloti, Dropper, Download, Rightmedia viruses but they keep coming back & GMER.exe won't run


  • This topic is locked
30 replies to this topic

#1 Jefcamp

  • Members
  • 15 posts

Posted 12 July 2010 - 06:26 PM

DDS.txt log


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Jeff at 15:59:24.50 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.236 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\DOWNLO~1\WinZip70\winzip32.exe
C:\Documents and Settings\Jeff\Desktop\adds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
EB: {32683183-48A0-441B-A342-7C2A440A9478} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [DAEMON Tools] "f:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Verizon Media Manager] f:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [nForce Tray Options] sstray.exe /r
mRun: [HPDJ Taskbar Utility] c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Spiceworks] c:\program files\spiceworks\bin\spicetray_silent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\winnt\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [SWHelper] "c:\winnt\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\jeff\desktop\Crestron Fixes for Jay.doc
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\elsbla~1.lnk - c:\program files\earthlink\spamblocker\ELSBLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175497872984
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://www.dsnsoft.com/tsmail/msrdp.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37828.887037037
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ecastevents.webex.com/client/T26L/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: drivers.desc - c:\winnt\system32\armparse.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: DCGCAFEE - {752A1DBE-52B5-7F6A-4F6E-7228521A1893} - c:\winnt\system32\Cmmahjjm.dll
SSODL: mtkle - {4C39D505-B884-46F3-94B9-2B39DFC67ADD} - c:\winnt\system32\paiw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\jq1y3jix.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\program files\mozilla firefox\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-6-24 64288]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\winnt\system32\drivers\SI3112r.sys [2003-5-9 89749]
R0 SymDS;Symantec Data Store;c:\winnt\system32\drivers\n360\0402000.00c\symds.sys [2010-7-11 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\n360\0402000.00c\symefa.sys [2010-7-11 173104]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 ndisrd;ndisrd; [x]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-19 691248]
S1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-11 501888]
S1 SymIRON;Symantec Iron Driver;c:\winnt\system32\drivers\n360\0402000.00c\ironx86.sys [2010-7-11 116784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-2 136176]
S2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-7-11 126392]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-18 1174152]
S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\winnt\system32\drivers\e10kx2k.sys [2003-7-27 1745168]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-11 102448]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-12 30192]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100709.001\IDSXpx86.sys [2010-7-11 331640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [2009-4-16 38224]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100712.003\NAVENG.SYS [2010-7-12 85552]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100712.003\NAVEX15.SYS [2010-7-12 1347504]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-7-26 49776]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

=============== Created Last 30 ================

2010-07-12 21:27:24 0 d-----w- C:\AAAsp
2010-07-12 17:18:29 0 d-----w- c:\winnt\pss
2010-07-11 23:37:40 805 ----a-w- c:\winnt\system32\drivers\SYMEVENT.INF
2010-07-11 23:37:40 7443 ----a-w- c:\winnt\system32\drivers\SYMEVENT.CAT
2010-07-11 23:37:40 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2010-07-11 23:37:40 124976 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2010-07-11 23:36:30 0 d-----w- c:\winnt\system32\drivers\N360
2010-07-11 23:36:20 0 d-----w- c:\program files\Norton 360
2010-07-11 23:36:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-07-11 23:34:34 0 d-----w- c:\program files\NortonInstaller
2010-07-11 23:34:34 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-25 19:57:00 2784 ----a-w- c:\winnt\system32\tmp.reg
2010-06-25 19:56:25 79360 ----a-w- c:\winnt\system32\swxcacls.exe
2010-06-25 19:56:25 75776 ----a-w- c:\winnt\system32\WS2Fix.exe
2010-06-25 19:56:25 53248 ----a-w- c:\winnt\system32\Process.exe
2010-06-25 19:56:25 51200 ----a-w- c:\winnt\system32\dumphive.exe
2010-06-25 19:56:25 289144 ----a-w- c:\winnt\system32\VCCLSID.exe
2010-06-25 19:56:25 288417 ----a-w- c:\winnt\system32\SrchSTS.exe
2010-06-25 19:56:25 135168 ----a-w- c:\winnt\system32\swreg.exe
2010-06-24 22:20:34 15880 ----a-w- c:\winnt\system32\lsdelete.exe
2010-06-24 20:34:50 64288 ----a-w- c:\winnt\system32\drivers\Lbd.sys
2010-06-24 20:34:44 95024 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-06-24 20:27:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-21 01:57:26 1324 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-06-13 18:59:10 743424 -c----w- c:\winnt\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-07-12 22:46:37 36408 ----a-w- c:\winnt\system32\GlyphInfo.bin
2010-07-12 22:46:37 118084 ----a-w- c:\winnt\system32\FontInfo.bin
2010-05-21 21:14:28 221568 ------w- c:\winnt\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\winnt\system32\win32k.sys
2010-04-23 17:56:11 30708 ---ha-w- c:\winnt\system32\mlfcache.dat
2010-04-20 05:51:20 285696 ----a-w- c:\winnt\system32\atmfd.dll
2003-07-27 02:20:48 271 --sh--w- c:\program files\desktop.ini
2003-07-27 02:20:48 21952 ---h--w- c:\program files\folder.htt

============= FINISH: 16:00:54.21 ===============

07-13-10 Windows Blue Screen of Death with Error Signature BCCode: 50. Also, "Tidserv Request 2" intrusion alerts from Norton. A message kept coming up on reboot: "System Config Utility" "You have used the Sys Config Util to make changes to the way Windows starts..." I have screenshots of all messages and viruses that I am attaching now.

Edited by Jefcamp, 13 July 2010 - 03:35 PM.
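The entries a malware-response analyst looks at first in the DDS "Pseudo HJT Report" above are the ones that redirect or intercept the browser and the ones that load a DLL into every shell or logon session: the ProxyServer line pointing at 127.0.0.1:5555, the SSODL/Notify entries whose DLLs DDS could not find, and the Hosts entry that sinkholes a security site. The script below is an added example of doing that triage over the posted lines; it is not part of the thread and is not DDS, HijackThis or BleepingComputer code. The sample lines are copied from the posted log; the rule names, the severities and the small allowlist of Windows-shipped DLLs are assumptions made for the demo.

```python
"""Triage a DDS / HijackThis-style report for browser-hijack indicators.

Added example for this thread; it is not DDS, HijackThis or BleepingComputer
code. The sample lines are copied from the posted DDS "Pseudo HJT Report";
the rule names, severities and the allowlist are assumptions for the demo.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# 127.x.x.x or "localhost" as a whole token.
LOOPBACK = re.compile(r"\b(127\.\d+\.\d+\.\d+|localhost)\b", re.IGNORECASE)

# Load points that put a DLL into Explorer / Winlogon at every session start.
PRIVILEGED_LOAD_POINTS = ("SSODL:", "Notify:", "AppInit_DLLs:")

# Assumed allowlist: Windows-shipped DLLs that legitimately sit at those points.
KNOWN_GOOD_DLLS = {"wpdshserviceobj.dll"}

# Constructed input: lines copied from the posted DDS log (DDS shortens paths).
SAMPLE_LINES = [
    r"uSearch Page = hxxp://www.google.com",
    r"uInternet Settings,ProxyOverride = <local>",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    r"BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"Notify: drivers.desc - c:\winnt\system32\armparse.dll",
    r"AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL",
    r"SSODL: DCGCAFEE - {752A1DBE-52B5-7F6A-4F6E-7228521A1893} - c:\winnt\system32\Cmmahjjm.dll",
    r"SSODL: mtkle - {4C39D505-B884-46F3-94B9-2B39DFC67ADD} - c:\winnt\system32\paiw32.dll",
    r"SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Finding:
    severity: str   # "high" = clear hijack indicator, "review" = needs an analyst
    category: str
    line: str


def dll_name(line: str) -> str:
    """Return the lower-cased file name from the path at the end of an entry."""
    path = line.rsplit(" - ", 1)[-1].strip()
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> Optional[Finding]:
    """Apply the hijack-indicator rules to one report line."""
    # A browser proxy on loopback means a local process sits in front of IE.
    if "ProxyServer" in line and LOOPBACK.search(line):
        return Finding("high", "browser proxy points at loopback", line)
    # DDS/HJT mark autostart entries whose target file is gone.
    if line.endswith("No File") or "(file missing)" in line:
        return Finding("review", "autostart entry references a missing file", line)
    # Hosts entries mapping a real domain to loopback block that site.
    if line.startswith("Hosts:"):
        parts = line.split()
        if len(parts) >= 3 and LOOPBACK.fullmatch(parts[1]) and parts[2].lower() != "localhost":
            return Finding("high", "hosts file sinkholes a domain", line)
    # Shell/logon load points: anything not on the allowlist gets reviewed.
    if line.startswith(PRIVILEGED_LOAD_POINTS) and dll_name(line) not in KNOWN_GOOD_DLLS:
        return Finding("review", "unrecognised DLL at a shell/logon load point", line)
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over every line of a report and keep the hits."""
    hits = (triage_line(raw.rstrip()) for raw in report.splitlines())
    return [f for f in hits if f is not None]


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category}: {f.line}")
    print(summary(results))
```

Run against the posted lines it raises two "high" findings (the loopback proxy and the Hosts entry) and five "review" findings (the orphaned BHO, the Notify and AppInit_DLLs entries, and the two SSODL DLLs with random-looking names), while the Windows-shipped WPDShServiceObj entry is passed over. The allowlist is deliberately tiny; in practice an analyst replaces it with a check that the file exists on disk and carries a valid publisher signature.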




#2 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 17 July 2010 - 01:15 AM

Hello, Jefcamp.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 19 July 2010 - 11:24 PM

Hello Jefcamp
Are you still with us?



#4 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 21 July 2010 - 11:05 PM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



#5 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 23 July 2010 - 01:31 PM

Topic reopened as per user's request.



#6 Jefcamp
  • Topic Starter

  • Members
  • 15 posts

Posted 23 July 2010 - 05:17 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jeff at 2010-07-23 15:05:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 35 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:14 PM, on 7/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINNT\system32\sstray.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spiceworks\bin\spicetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\Program Files\trend micro\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Verizon Media Manager] F:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2052111302-2000478354-725345543-500\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Shortcut to Crestron Fixes for Jay.lnk = C:\Documents and Settings\Jeff\Desktop\Crestron Fixes for Jay.doc
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175497872984
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.dsnsoft.com/tsmail/msrdp.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ecastevents.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: drivers.desc - C:\WINNT\system32\armparse.dll (file missing)
O21 - SSODL: DCGCAFEE - {752A1DBE-52B5-7F6A-4F6E-7228521A1893} - C:\WINNT\system32\Cmmahjjm.dll (file missing)
O21 - SSODL: mtkle - {4C39D505-B884-46F3-94B9-2B39DFC67ADD} - C:\WINNT\system32\paiw32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12296 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-Aware Update (Weekly).job
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
C:\WINNT\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-02 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll [2010-05-12 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll [2010-05-12 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"nForce Tray Options"=sstray.exe /r []
"HPDJ Taskbar Utility"=C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-12-10 196608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-06-10 217088]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-22 30192]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-29 149280]
"Spiceworks"=C:\Program Files\Spiceworks\bin\spicetray_silent.exe [2009-10-14 66912]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools"=f:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"Verizon Media Manager"=F:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe [2010-04-26 434176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup
Shortcut to Crestron Fixes for Jay.lnk - C:\Documents and Settings\Jeff\Desktop\Crestron Fixes for Jay.doc

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drivers.desc]
C:\WINNT\system32\armparse.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
C:\WINNT\system32\wzcdlg.dll [2008-04-13 383488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
DCGCAFEE - {752A1DBE-52B5-7F6A-4F6E-7228521A1893} - C:\WINNT\system32\Cmmahjjm.dll []
mtkle - {4C39D505-B884-46F3-94B9-2B39DFC67ADD} - C:\WINNT\system32\paiw32.dll []
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCAD"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoBandCustomize"=0
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\Crestron\Simpl\cmdnld.dll"="C:\Crestron\Simpl\cmdnld.dll:*:Enabled:cmdnld"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINNT\LMI17.tmp\lmi_rescue.exe"="C:\WINNT\LMI17.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\Spiceworks\bin\spiceworks.exe"="C:\Program Files\Spiceworks\bin\spiceworks.exe:*:Enabled:spiceworks"
"C:\Program Files\Spiceworks\bin\spiceworks-finder.exe"="C:\Program Files\Spiceworks\bin\spiceworks-finder.exe:*:Enabled:spiceworks-finder"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINNT\LMI20.tmp\lmi_rescue.exe"="C:\WINNT\LMI20.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"F:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe"="F:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe:*:Enabled:Verizon Media Manager"
"F:\Program Files\PPACalculator\FB\bin\PokerServer-fb.exe"="F:\Program Files\PPACalculator\FB\bin\PokerServer-fb.exe:*:Enabled:Firebird SQL Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-07-23 15:02:28 ----A---- C:\WINNT\system32\drivers\kbdhid.sys
2010-07-23 15:02:04 ----A---- C:\WINNT\system32\drivers\usbccgp.sys
2010-07-23 14:56:17 ----D---- C:\Program Files\trend micro
2010-07-23 14:56:10 ----D---- C:\rsit
2010-07-20 09:29:55 ----SHD---- C:\found.002
2010-07-16 08:37:03 ----D---- C:\Program Files\Common Files\Skype
2010-07-13 20:27:16 ----D---- C:\WINNT\Prefetch
2010-07-13 15:50:30 ----HDC---- C:\WINNT\$NtUninstallKB980232$
2010-07-13 15:50:12 ----HDC---- C:\WINNT\$NtUninstallKB980218$
2010-07-13 15:45:53 ----HDC---- C:\WINNT\$NtUninstallKB979683$
2010-07-13 15:45:09 ----HDC---- C:\WINNT\$NtUninstallKB979559$
2010-07-13 15:44:45 ----HDC---- C:\WINNT\$NtUninstallKB979482$
2010-07-13 15:44:16 ----HDC---- C:\WINNT\$NtUninstallKB979309$
2010-07-13 15:43:43 ----HDC---- C:\WINNT\$NtUninstallKB978706$
2010-07-13 15:42:59 ----HDC---- C:\WINNT\$NtUninstallKB978601$
2010-07-13 15:40:59 ----HDC---- C:\WINNT\$NtUninstallKB978542$
2010-07-13 15:40:03 ----HDC---- C:\WINNT\$NtUninstallKB978338$
2010-07-13 15:39:43 ----HDC---- C:\WINNT\$NtUninstallKB978251$
2010-07-13 15:39:31 ----HDC---- C:\WINNT\$NtUninstallKB978037$
2010-07-13 15:39:04 ----HDC---- C:\WINNT\$NtUninstallKB977914$
2010-07-13 15:38:21 ----HDC---- C:\WINNT\$NtUninstallKB977165-v2$
2010-07-13 15:37:59 ----HDC---- C:\WINNT\$NtUninstallKB975713$
2010-07-13 15:37:45 ----HDC---- C:\WINNT\$NtUninstallKB975562$
2010-07-13 15:37:32 ----HDC---- C:\WINNT\$NtUninstallKB975561$
2010-07-13 15:37:09 ----HDC---- C:\WINNT\$NtUninstallKB975560$
2010-07-13 15:36:51 ----HDC---- C:\WINNT\$NtUninstallKB975467$
2010-07-13 15:36:37 ----HDC---- C:\WINNT\$NtUninstallKB975025$
2010-07-13 15:36:24 ----HDC---- C:\WINNT\$NtUninstallKB974571$
2010-07-13 15:36:05 ----HDC---- C:\WINNT\$NtUninstallKB974392$
2010-07-13 15:35:41 ----HDC---- C:\WINNT\$NtUninstallKB974318$
2010-07-13 15:35:06 ----HDC---- C:\WINNT\$NtUninstallKB974112$
2010-07-13 15:34:27 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2010-07-13 15:33:56 ----HDC---- C:\WINNT\$NtUninstallKB973815$
2010-07-13 15:33:36 ----HDC---- C:\WINNT\$NtUninstallKB973687$
2010-07-13 15:33:22 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2010-07-13 15:33:03 ----HDC---- C:\WINNT\$NtUninstallKB973354$
2010-07-13 15:32:51 ----HDC---- C:\WINNT\$NtUninstallKB972270$
2010-07-13 15:32:27 ----HDC---- C:\WINNT\$NtUninstallKB971737$
2010-07-13 15:31:59 ----HDC---- C:\WINNT\$NtUninstallKB971657$
2010-07-13 15:31:44 ----HDC---- C:\WINNT\$NtUninstallKB971633$
2010-07-13 15:31:31 ----HDC---- C:\WINNT\$NtUninstallKB971557$
2010-07-13 15:29:20 ----HDC---- C:\WINNT\$NtUninstallKB971486$
2010-07-13 15:28:27 ----HDC---- C:\WINNT\$NtUninstallKB971468$
2010-07-13 15:27:45 ----HDC---- C:\WINNT\$NtUninstallKB970430$
2010-07-13 15:27:33 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2010-07-13 15:26:58 ----HDC---- C:\WINNT\$NtUninstallKB969947$
2010-07-13 15:26:31 ----HDC---- C:\WINNT\$NtUninstallKB969059$
2010-07-13 15:24:33 ----HDC---- C:\WINNT\$NtUninstallKB968537$
2010-07-13 15:21:40 ----HDC---- C:\WINNT\$NtUninstallKB968389$
2010-07-13 15:20:47 ----HDC---- C:\WINNT\$NtUninstallKB967715$
2010-07-13 15:20:29 ----HDC---- C:\WINNT\$NtUninstallKB961503$
2010-07-13 15:20:18 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2010-07-13 15:19:56 ----HDC---- C:\WINNT\$NtUninstallKB961373$
2010-07-13 15:19:45 ----HDC---- C:\WINNT\$NtUninstallKB961371$
2010-07-13 15:19:02 ----HDC---- C:\WINNT\$NtUninstallKB961118$
2010-07-13 15:18:44 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2010-07-13 15:18:32 ----HDC---- C:\WINNT\$NtUninstallKB960803$
2010-07-13 15:18:08 ----HDC---- C:\WINNT\$NtUninstallKB960225$
2010-07-13 15:17:54 ----HDC---- C:\WINNT\$NtUninstallKB959426$
2010-07-13 15:16:55 ----HDC---- C:\WINNT\$NtUninstallKB958690$
2010-07-13 15:16:40 ----HDC---- C:\WINNT\$NtUninstallKB958687$
2010-07-13 15:16:26 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2010-07-13 15:15:59 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2010-07-13 15:15:44 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2010-07-13 15:15:32 ----HDC---- C:\WINNT\$NtUninstallKB956844$
2010-07-13 15:15:22 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2010-07-13 15:14:57 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2010-07-13 15:14:39 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2010-07-13 15:13:55 ----HDC---- C:\WINNT\$NtUninstallKB956572$
2010-07-13 15:13:09 ----HDC---- C:\WINNT\$NtUninstallKB955759$
2010-07-13 15:12:44 ----HDC---- C:\WINNT\$NtUninstallKB973687_1$
2010-07-13 15:12:12 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2010-07-13 15:10:49 ----HDC---- C:\WINNT\$NtUninstallKB974112_1$
2010-07-13 15:09:07 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2010-07-13 15:06:40 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2010-07-13 15:04:11 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2010-07-13 15:03:39 ----HDC---- C:\WINNT\$NtUninstallKB952287$
2010-07-13 15:02:24 ----HDC---- C:\WINNT\$NtUninstallKB952004$
2010-07-13 15:01:28 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2010-07-13 15:00:08 ----HDC---- C:\WINNT\$NtUninstallKB951698$
2010-07-13 14:59:02 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2010-07-13 14:57:33 ----HDC---- C:\WINNT\$NtUninstallKB951376$
2010-07-13 14:56:30 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2010-07-13 14:56:08 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2010-07-13 14:55:36 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2010-07-13 14:55:12 ----HDC---- C:\WINNT\$NtUninstallKB938464$
2010-07-13 14:54:12 ----HDC---- C:\WINNT\$NtUninstallKB923561$
2010-07-13 14:37:35 ----D---- C:\Program Files\Messenger
2010-07-13 14:33:45 ----D---- C:\WINNT\system32\scripting
2010-07-13 14:33:36 ----D---- C:\WINNT\l2schemas
2010-07-13 14:33:32 ----D---- C:\WINNT\system32\en
2010-07-13 14:33:32 ----D---- C:\Program Files\msn
2010-07-13 14:20:49 ----D---- C:\WINNT\network diagnostic
2010-07-13 14:10:53 ----HDC---- C:\WINNT\$NtServicePackUninstall$
2010-07-13 09:07:58 ----ASH---- C:\hiberfil.sys
2010-07-12 10:18:29 ----D---- C:\WINNT\pss
2010-07-11 16:37:40 ----A---- C:\WINNT\system32\S32EVNT1.DLL
2010-07-11 16:37:40 ----A---- C:\WINNT\system32\drivers\SYMEVENT.SYS
2010-07-11 16:36:30 ----D---- C:\WINNT\system32\drivers\N360
2010-07-11 16:36:20 ----D---- C:\Program Files\Windows Sidebar
2010-07-11 16:36:20 ----D---- C:\Program Files\Norton 360
2010-07-11 16:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-07-11 16:34:34 ----D---- C:\Program Files\NortonInstaller
2010-07-11 16:34:34 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-06-25 12:57:00 ----A---- C:\WINNT\system32\tmp.txt
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\WS2Fix.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\VCCLSID.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\swxcacls.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\swsc.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\swreg.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\SrchSTS.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\Process.exe
2010-06-25 12:56:25 ----A---- C:\WINNT\system32\dumphive.exe
2010-06-24 13:34:44 ----A---- C:\WINNT\system32\drivers\SBREDrv.sys
2010-06-24 13:26:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-14 23:20:57 ----HDC---- C:\WINNT\$NtUninstallKB980218_0$
2010-06-14 23:20:48 ----HDC---- C:\WINNT\$NtUninstallKB979559_0$
2010-06-14 23:20:43 ----HDC---- C:\WINNT\$NtUninstallKB979482_0$
2010-06-14 23:20:35 ----HDC---- C:\WINNT\$NtUninstallKB975562_0$
2010-06-13 23:46:04 ----HDC---- C:\WINNT\$NtUninstallKB980195$
2010-06-13 23:38:01 ----HDC---- C:\WINNT\$NtUninstallKB978695_WM9$
2010-05-25 23:05:46 ----HDC---- C:\WINNT\$NtUninstallKB981793$
2010-05-12 23:18:04 ----HDC---- C:\WINNT\$NtUninstallKB978542_0$
2010-04-26 16:41:08 ----D---- C:\Program Files\iPod
2010-04-26 16:40:08 ----D---- C:\Program Files\iTunes
2010-04-26 16:40:08 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-26 16:34:08 ----D---- C:\Program Files\QuickTime
2010-04-26 16:28:39 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 3 months======

2010-07-23 15:02:33 ----RSHDC---- C:\WINNT\system32\dllcache
2010-07-23 15:02:28 ----D---- C:\WINNT\system32\drivers
2010-07-23 15:02:04 ----HD---- C:\WINNT\inf
2010-07-23 15:01:41 ----D---- C:\WINNT\system32\CatRoot2
2010-07-23 14:56:17 ----RD---- C:\Program Files
2010-07-23 14:56:13 ----D---- C:\WINNT\temp
2010-07-23 11:38:14 ----D---- C:\Documents and Settings\Jeff\Application Data\Skype
2010-07-23 10:46:54 ----D---- C:\Documents and Settings\Jeff\Application Data\skypePM
2010-07-23 10:46:25 ----SD---- C:\WINNT\Tasks
2010-07-23 10:45:28 ----SHD---- C:\System Volume Information
2010-07-23 10:43:26 ----D---- C:\WINNT\system32\NtmsData
2010-07-23 10:35:24 ----D---- C:\WINNT\security
2010-07-23 10:35:10 ----A---- C:\WINNT\SchedLgU.Txt
2010-07-22 13:29:40 ----D---- C:\WINNT\repair
2010-07-22 13:29:08 ----D---- C:\WINNT\Registration
2010-07-16 08:39:10 ----SHD---- C:\WINNT\Installer
2010-07-16 08:37:36 ----RD---- C:\Program Files\Skype
2010-07-16 08:37:03 ----D---- C:\Program Files\Common Files
2010-07-16 08:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-14 08:31:24 ----D---- C:\WINNT
2010-07-13 20:42:01 ----D---- C:\WINNT\system32
2010-07-13 20:32:33 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2010-07-13 20:28:45 ----A---- C:\WINNT\OEWABLog.txt
2010-07-13 20:27:23 ----A---- C:\WINNT\setuplog.txt
2010-07-13 20:26:46 ----D---- C:\WINNT\AppPatch
2010-07-13 20:26:45 ----RSD---- C:\WINNT\Fonts
2010-07-13 20:26:45 ----D---- C:\WINNT\system32\wbem
2010-07-13 20:26:45 ----D---- C:\WINNT\system32\Setup
2010-07-13 20:26:45 ----D---- C:\Program Files\Outlook Express
2010-07-13 20:26:45 ----D---- C:\Program Files\Common Files\System
2010-07-13 15:51:38 ----D---- C:\WINNT\system32\CatRoot
2010-07-13 15:37:36 ----D---- C:\Program Files\Movie Maker
2010-07-13 14:37:53 ----D---- C:\WINNT\WinSxS
2010-07-13 14:35:55 ----D---- C:\WINNT\system32\inetsrv
2010-07-13 14:35:54 ----D---- C:\WINNT\ime
2010-07-13 14:35:54 ----D---- C:\WINNT\Help
2010-07-13 14:34:20 ----D---- C:\WINNT\system32\en-US
2010-07-13 14:34:19 ----D---- C:\WINNT\system32\usmt
2010-07-13 14:33:28 ----D---- C:\WINNT\system32\BITS
2010-07-13 14:33:28 ----D---- C:\WINNT\PeerNet
2010-07-13 14:26:01 ----D---- C:\WINNT\system32\Restore
2010-07-13 14:26:01 ----D---- C:\WINNT\system32\npp
2010-07-13 14:26:00 ----D---- C:\WINNT\mui
2010-07-13 14:25:59 ----D---- C:\WINNT\msagent
2010-07-13 14:25:56 ----D---- C:\WINNT\srchasst
2010-07-13 14:25:52 ----D---- C:\Program Files\NetMeeting
2010-07-13 14:25:48 ----D---- C:\WINNT\system32\Com
2010-07-13 14:25:44 ----D---- C:\Program Files\Windows Media Player
2010-07-13 14:25:42 ----D---- C:\Program Files\Windows NT
2010-07-13 14:24:35 ----D---- C:\WINNT\system32\oobe
2010-07-13 14:24:31 ----D---- C:\WINNT\system
2010-07-13 14:18:54 ----RD---- C:\WINNT\Web
2010-07-13 14:16:01 ----D---- C:\WINNT\system32\ReinstallBackups
2010-07-13 14:10:33 ----D---- C:\WINNT\ehome
2010-07-13 12:04:50 ----D---- C:\WINNT\Minidump
2010-07-13 09:52:11 ----D---- C:\Program Files\Lavasoft
2010-07-13 09:52:04 ----DC---- C:\WINNT\system32\DRVSTORE
2010-07-13 09:49:51 ----D---- C:\Documents and Settings\Jeff\Application Data\Lavasoft
2010-07-13 09:49:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-13 09:35:23 ----SH---- C:\boot.ini
2010-07-13 09:35:23 ----A---- C:\WINNT\win.ini
2010-07-13 09:35:23 ----A---- C:\WINNT\system.ini
2010-07-12 20:08:18 ----A---- C:\WINNT\ntbtlog.txt
2010-07-12 15:52:03 ----SHD---- C:\WINNT\CSC
2010-07-11 16:37:40 ----D---- C:\Program Files\Symantec
2010-07-11 16:37:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-11 16:25:21 ----HDC---- C:\WINNT\$NtUpdateRollupPackUninstall$
2010-07-11 16:25:21 ----D---- C:\WINNT\OemDir
2010-06-23 09:46:03 ----HDC---- C:\WINNT\ie8
2010-06-22 22:44:37 ----D---- C:\Documents and Settings\Jeff\Application Data\Oxacep
2010-06-22 15:45:15 ----D---- C:\Documents and Settings\Jeff\Application Data\Liosru
2010-06-21 20:43:42 ----D---- C:\Program Files\Common Files\Softwin
2010-06-21 16:06:51 ----HDC---- C:\WINNT\$NtUninstallKB890859$
2010-06-21 08:59:22 ----HDC---- C:\WINNT\$NtUninstallKB978706_0$
2010-06-20 23:35:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-14 08:15:28 ----D---- C:\WINNT\Microsoft.NET
2010-06-14 08:15:25 ----RSD---- C:\WINNT\assembly
2010-06-13 23:45:37 ----HD---- C:\WINNT\$hf_mig$
2010-06-13 23:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-13 23:43:03 ----A---- C:\WINNT\vbaddin.ini
2010-06-13 23:42:03 ----D---- C:\Program Files\Internet Explorer
2010-05-28 12:37:34 ----A---- C:\WINNT\system32\MRT.exe
2010-05-24 11:20:26 ----SD---- C:\Documents and Settings\Jeff\Application Data\Microsoft
2010-05-21 14:14:28 ----N---- C:\WINNT\system32\MpSigStub.exe
2010-05-13 08:15:54 ----D---- C:\Program Files\Google
2010-05-06 03:41:53 ----A---- C:\WINNT\system32\wininet.dll
2010-05-06 03:41:52 ----A---- C:\WINNT\system32\urlmon.dll
2010-05-06 03:41:52 ----A---- C:\WINNT\system32\occache.dll
2010-05-06 03:41:52 ----A---- C:\WINNT\system32\mstime.dll
2010-05-06 03:41:52 ----A---- C:\WINNT\system32\mshtml.dll
2010-05-06 03:41:51 ----A---- C:\WINNT\system32\msfeedsbs.dll
2010-05-06 03:41:51 ----A---- C:\WINNT\system32\msfeeds.dll
2010-05-06 03:41:51 ----A---- C:\WINNT\system32\jsproxy.dll
2010-05-06 03:41:50 ----A---- C:\WINNT\system32\iertutil.dll
2010-05-06 03:41:50 ----A---- C:\WINNT\system32\iepeers.dll
2010-05-06 03:41:49 ----A---- C:\WINNT\system32\ieframe.dll
2010-05-06 03:41:48 ----A---- C:\WINNT\system32\iedkcs32.dll
2010-05-05 06:30:57 ----A---- C:\WINNT\system32\ie4uinit.exe
2010-04-29 14:15:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-26 16:41:02 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINNT\System32\DRIVERS\nv_agp.sys [2002-09-05 13568]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINNT\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [2006-09-27 36560]
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\WINNT\system32\DRIVERS\sbp2port.sys [2008-04-13 43904]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller; C:\WINNT\system32\drivers\si3112r.sys [2003-05-09 89749]
R0 sptd;sptd; C:\WINNT\System32\Drivers\sptd.sys [2008-07-14 682232]
R0 SymDS;Symantec Data Store; C:\WINNT\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-14 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\WINNT\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-21 173104]
R1 AmdK7;AMD K7 Processor Driver; C:\WINNT\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINNT\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-25 501888]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINNT\system32\drivers\N360\0402000.00C\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINNT\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-28 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINNT\System32\Drivers\N360\0402000.00C\SYMTDI.SYS [2010-05-05 361904]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 PfModNT;PfModNT; \??\C:\WINNT\system32\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINNT\system32\drivers\symlcbrd.sys []
R2 TBPanel;TBPanel; C:\WINNT\system32\drivers\TBPanel.sys [2002-07-26 5306]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EL90Xbc;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINNT\System32\DRIVERS\el90Xbc5.SYS [2002-08-13 74338]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM); C:\WINNT\system32\drivers\e10kx2k.sys [2001-07-13 1745168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100721.003\IDSxpx86.sys []
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100723.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100723.002\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINNT\System32\drivers\ctoss2k.sys [2001-07-13 187040]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINNT\system32\DRIVERS\point32.sys [2005-06-10 21760]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINNT\System32\Drivers\N360\0402000.00C\SRTSP.SYS [2010-04-21 325680]
R3 SymEvent;SymEvent; \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S0 ndisrd;ndisrd; C:\WINNT\system32\drivers\ndisrd.sys []
S1 tga;tga; C:\WINNT\system32\drivers\tga.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINNT\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
S3 aylggjqy;aylggjqy; C:\WINNT\system32\drivers\aylggjqy.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINNT\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NuidFltr;NUID filter driver; C:\WINNT\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINNT\system32\drivers\nvax.sys [2002-12-16 13056]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINNT\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
S3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINNT\system32\drivers\nvapu.sys [2002-12-16 241664]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 aic116x;aic116x; C:\WINNT\system32\drivers\aic116x.sys []
S4 ami0nt;ami0nt; C:\WINNT\system32\drivers\ami0nt.sys []
S4 BusLogic;BusLogic; C:\WINNT\system32\drivers\BusLogic.sys []
S4 cpqarry2;cpqarry2; C:\WINNT\system32\drivers\cpqarry2.sys []
S4 cpqfcalm;cpqfcalm; C:\WINNT\system32\drivers\cpqfcalm.sys []
S4 cpqfws2e;cpqfws2e; C:\WINNT\system32\drivers\cpqfws2e.sys []
S4 deckzpsx;deckzpsx; C:\WINNT\system32\drivers\deckzpsx.sys []
S4 EFS;EFS; C:\WINNT\system32\drivers\EFS.sys []
S4 Fd16_700;Fd16_700; C:\WINNT\system32\drivers\Fd16_700.sys []
S4 fireport;fireport; C:\WINNT\system32\drivers\fireport.sys []
S4 flashpnt;flashpnt; C:\WINNT\system32\drivers\flashpnt.sys []
S4 ipsraidn;ipsraidn; C:\WINNT\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINNT\system32\drivers\lp6nds35.sys []
S4 Ncrc710;Ncrc710; C:\WINNT\system32\drivers\Ncrc710.sys []
S4 Parallel;Parallel class driver; C:\WINNT\System32\DRIVERS\parallel.sys []
S4 ql2100;ql2100; C:\WINNT\system32\drivers\ql2100.sys []
S4 ultra66;ultra66; C:\WINNT\system32\drivers\ultra66.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-29 153376]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-25 126392]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-03-18 1174152]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 Fax;Fax; C:\WINNT\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-02 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-22 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 137200]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UtilMan;Utility Manager; C:\WINNT\System32\UtilMan.exe [2008-04-13 50176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-07-23 14:56:45

======Uninstall list======

PPA Calculator version 2.0.0.229-->"F:\Program Files\PPACalculator\unins000.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
2001 TurboTax Deluxe-->d:\program files\Tax01\TaxUnst.EXE "d:\program files\Tax01\Uninstall.log" -NoGui
ACT! 2000-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Symantec\ACT\Uninst5.isu" -c"C:\Program Files\Symantec\ACT\UNINSTAL.DLL"
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Adobe Acrobat 5.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Mythology-->"F:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD 2002-->MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
Baldur's Gate-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu"
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Cable Database v3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FF8B87-182D-45E1-A172-BF7D0D77DD75}\setup.exe" -l0x9 Anything
Canon Camera TWAIN Driver 6.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9147499-A4AE-4EE8-9F71-19611C6F6CA0} /l1033 /x
Canon Digital Camera USB TWAIN Driver-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\DC USB TWAIN\Uninst.isu" -c"C:\Program Files\Canon\DC USB TWAIN\SetupTwn.dll"
Canon PhotoRecord-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.2-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Citrix ICA Client-->C:\WINNT\ISUNINST.EXE -fD:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cD:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crestron Application Builder Templates-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363FA5A7-DFD9-4D52-A5E1-15FA9B8E2DB3}\setup.exe" -l0x9 Crestron
Crestron Application Builder v1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3998BE20-A2BE-45FC-8210-F9CB6C7ABC69}\Setup.exe" -l0x9 Anything
Crestron Database v19-->C:\Program Files\InstallShield Installation Information\{ADDFADDA-37C5-11D5-8647-005004243571}\setup.exe -runfromtemp -l0x0009 -removeonly
Crestron Database-->"C:\Program Files\InstallShield Installation Information\{443CBE24-0679-4027-9C36-66F129E009C5}\setup.exe" -runfromtemp -l0x0009 -removeonly
Crestron Device Database-->"C:\Program Files\InstallShield Installation Information\{6686F38D-1A32-4A8C-94D7-A2AA9C5F3C9B}\setup.exe" -runfromtemp -l0x0009 -removeonly
Crestron Digital Media Tools v3.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDD189C7-8590-4372-A494-08592E360B46}\setup.exe" -l0x9 Crestron
Crestron Engraver v2.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF1E043B-27DA-42F4-ABCD-AD0DFE7AE5EA}\setup.exe" -l0x9 Crestron
Crestron iLux Designer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12239D15-AD6B-458E-A0FB-2841F68F590E}\setup.exe" -l0x9 Crestron
Crestron RoomView v6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF8BB19-CAF3-4828-939D-87DF84A9EEFF}\setup.exe" -l0x9 Crestron
Crestron Toolbox v1.13-->"C:\Program Files\InstallShield Installation Information\{CFEDA22F-435D-4891-913A-75B80D8159B8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINNT\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
D3 Pro Templates-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{613B7B57-EE06-4280-AE17-1DABA03A6C28}\setup.exe" -l0x9 Crestron
D3 Pro v2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B6CA334-FA33-431B-9200-D337866A7CF7}\setup.exe" -l0x9 Crestron
DEAL for Windows v4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7005C601-B415-4D77-B2ED-FF40E3DACDED}\setup.exe" -l0x9 Crestron
DivX 5.0.2 Bundle-->C:\WINNT\unvise32.exe D:\Program Files\DivX\uninstal.log
Dungeon Siege-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
DVD Profiler Version 2.4.0-->"C:\Program Files\InterVocative Software\DVD Profiler\unins000.exe"
EarthLink spamBlocker Add-On-->MsiExec.exe /I{45EF1D41-FAC7-4204-A0B1-D9F05E0C7DB6}
EXPERTool-->RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Gmail Notifier-->C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\UninstallGmail.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINNT\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINNT\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINNT\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINNT\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINNT\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINNT\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp deskjet 990c series (Remove only)-->C:\Program Files\hp deskjet 990c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=990c -huninstall
hp deskjet 990c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 990c series
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Kinko's File Prep Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39245BB8-10C3-4348-BE83-D23138080341}\Setup.exe" -Uninstall
LEADTOOLS ePrint IV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE49E2E6-BE11-47AF-A9C7-F7389156C2B4}\setup.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MT-1000 Components-->MsiExec.exe /X{6E1557F9-8C38-4843-8170-B0131AE8B10B}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NLOP-->F:\Program Files\NLOP\uninstall.exe
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\4.2.0.12\InstStub.exe /X
NVIDIA nForce Utilities-->C:\WINNT\System32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINNT\INF\nvautlml.inf
NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:\WINNT\System32\NVNFINST.DLL,NvUninstallCrush
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Punch! Professional Home Design-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINNT\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINNT\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINNT\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINNT\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINNT\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINNT\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINNT\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINNT\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINNT\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINNT\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINNT\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINNT\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINNT\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINNT\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINNT\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINNT\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINNT\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINNT\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINNT\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINNT\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINNT\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINNT\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINNT\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINNT\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINNT\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINNT\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINNT\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINNT\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINNT\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINNT\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINNT\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINNT\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINNT\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINNT\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINNT\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINNT\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINNT\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINNT\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINNT\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINNT\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINNT\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINNT\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINNT\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINNT\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINNT\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINNT\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINNT\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINNT\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINNT\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINNT\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINNT\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINNT\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINNT\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINNT\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINNT\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINNT\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINNT\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINNT\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINNT\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINNT\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINNT\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINNT\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINNT\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINNT\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINNT\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINNT\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINNT\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINNT\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINNT\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINNT\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINNT\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINNT\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
SIMPL Windows Library v318-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A903C9-35DE-4770-9264-5F831E0A3A2E}\setup.exe" -l0x9 Crestron
SIMPL Windows v2.04-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6054F6A1-9E54-4DE9-8FDA-2FD974D0B404}\Setup.exe" -l0x9 Anything
SIMPL Windows v2.08-->C:\Program Files\InstallShield Installation Information\{D6D8EDBA-82CC-4AF8-AEAF-BA156D2FD5AC}\setup.exe -runfromtemp -l0x0009 -removeonly
SIMPL Windows v2.11-->"C:\Program Files\InstallShield Installation Information\{9B42A6A6-035B-43FC-A7AC-C99F1D084384}\setup.exe" -runfromtemp -l0x0009 -removeonly
SIMPL+ Cross Compiler-->C:\Program Files\InstallShield Installation Information\{FB97A745-D1E6-435D-B942-264E94F89938}\setup.exe -runfromtemp -l0x0009 -removeonly
SIMPL+ Cross Compiler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D46018D-8670-4859-BD88-C64377D16D83}\Setup.exe" anything
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spiceworks-->C:\Program Files\Spiceworks\uninst.exe
Spybot - Search & Destroy 1.5.2.20-->"C:\WINNT\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Starcraft-->C:\WINNT\SCunin.exe C:\WINNT\SCunin.dat
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
SystemBuilder Templates-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A5B8D7D-18FD-4B19-8586-0AC0F5FFDD32}\setup.exe" -l0x9 Crestron
SystemBuilder v3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16F5D-E8C7-432B-8878-9541094E802B}\setup.exe" -l0x9 Crestron
TightVNC 1.2.9-->"C:\Program Files\TightVNC\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINNT\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINNT\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINNT\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINNT\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINNT\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINNT\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINNT\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINNT\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINNT\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINNT\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINNT\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon Media Manager-->MsiExec.exe /I{B1C9CB59-0F00-4D29-AE17-ACDD9FCBC123}
Viewport v3.99.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55C28EF3-2EA3-46AB-B1E7-54B96C5A6921}\setup.exe" -l0x9 Crestron
VisionTools Pro-e v3.9-->C:\Program Files\InstallShield Installation Information\{AA3983BF-9B72-484E-972A-E47BBAFA9CCA}\setup.exe -runfromtemp -l0x0009 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINNT\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Volo View Express-->C:\WINNT\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
Vtpro-e Themes v1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3490202-63D2-4811-A402-F2CEF9750087}\Setup.exe" -l0x9 Anything
WebEx-->C:\WINNT\DOWNLO~1\atcliun.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINNT\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->C:\Documents and Settings\Jeff\My Documents\Downloaded Programs\WinZip70\WINZIP32.EXE /uninstall

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton 360
FW: Norton 360

======System event log======

Computer Name: JEFFSGAMINGCOMP
Event Code: 10000
Message: Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The error:
"%3"
Happened while starting this command:
"C:\Program Files\Messenger\msmsgs.exe" -Embedding

Record Number: 29986
Source Name: DCOM
Time Written: 20100622092114.000000-420
Event Type: error
User: JEFFSGAMINGCOMP\Jeff

Computer Name: JEFFSGAMINGCOMP
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {5C1DAE82-CD6D-4B89-9131-462D01766339}

User: JEFFSGAMINGCOMP\Jeff

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: iemain:HKCU@S-1-5-21-2052111302-2000478354-725345543-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page

Alert Type: Unclassified software

Detection Type:

Record Number: 29984
Source Name: WinDefend
Time Written: 20100622091936.000000-420
Event Type: warning
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {C2F7B1A1-C54D-43EE-8EEE-9C115D14F14A}

User: JEFFSGAMINGCOMP\Jeff

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: iemain:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page

Alert Type: Unclassified software

Detection Type:

Record Number: 29981
Source Name: WinDefend
Time Written: 20100622091439.000000-420
Event Type: warning
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 7023
Message: The Computer Browser service terminated with the following error:
This operation returned because the timeout period expired.


Record Number: 29979
Source Name: Service Control Manager
Time Written: 20100622091431.000000-420
Event Type: error
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {273D9724-033F-44F8-B0F0-F6DD32A4CA95}

User: JEFFSGAMINGCOMP\Jeff

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: iemain:HKCU@S-1-5-21-2052111302-2000478354-725345543-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page

Alert Type: Unclassified software

Detection Type:

Record Number: 29977
Source Name: WinDefend
Time Written: 20100622091430.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: JEFFSGAMINGCOMP
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 69500
Source Name: Microsoft Fax
Time Written: 20100604082836.000000-420
Event Type: warning
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 1517
Message: Windows saved user JEFFSGAMINGCOMP\Jeff registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 69492
Source Name: Userenv
Time Written: 20100603204614.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JEFFSGAMINGCOMP
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 69475
Source Name: Microsoft Fax
Time Written: 20100603074553.000000-420
Event Type: warning
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 69474
Source Name: Microsoft Fax
Time Written: 20100603074553.000000-420
Event Type: warning
User:

Computer Name: JEFFSGAMINGCOMP
Event Code: 1517
Message: Windows saved user JEFFSGAMINGCOMP\Jeff registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 69466
Source Name: Userenv
Time Written: 20100602232144.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 Jefcamp

Jefcamp
  • Topic Starter
  • Members
  • 15 posts

Posted 23 July 2010 - 05:22 PM

GMER.exe opens and begins running before I can check or uncheck anything. It crashes and closes each time I run it.

The "new" thing my computer is doing is selecting many desktop items when I try to open one, like the shift key is held down? Other times, I will left-click and the item I am trying to open won't open, but its "properties" tab will open instead, as if I right-clicked and went down to Properties... Another thing: my Control / Alt / Delete won't work; my internal beep happens when I try to press Control.

Thanks again for the help!

#8 Jefcamp

Jefcamp
  • Topic Starter
  • Members
  • 15 posts

Posted 23 July 2010 - 05:40 PM

Hi,
I can't type on my keyboard at all now, not even in safe mode...

I rebooted and typing is back now.

Edited by Jefcamp, 23 July 2010 - 06:16 PM.


#9 aommaster

aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 23 July 2010 - 06:19 PM

Hello, Jefcamp.

Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably others') safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do. If you decide to continue with the fix, please proceed with the steps below.




We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 Jefcamp

Jefcamp
  • Topic Starter
  • Members
  • 15 posts

Posted 24 July 2010 - 01:35 AM

ComboFix 10-07-23.02 - Jeff 07/23/2010 23:10:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.167 [GMT -7:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff\g2mdlhlpx.exe
c:\documents and settings\Jeff\Local Settings\Application Data\Windows Server
c:\documents and settings\Jeff\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Jeff\Local Settings\Application Data\Windows Server\uses32.dat
c:\winnt\BackUp
c:\winnt\BackUp\T\51021000.DAT
c:\winnt\BackUp\TB040227.DAT
c:\winnt\Downloaded Program Files\Temp
c:\winnt\patch.exe
c:\winnt\system32\107099453.exe
c:\winnt\system32\13739828.exe
c:\winnt\system32\13813390.exe
c:\winnt\system32\14626281.exe
c:\winnt\system32\1540906.exe
c:\winnt\system32\18704421.exe
c:\winnt\system32\18712312.exe
c:\winnt\system32\199265.exe
c:\winnt\system32\202250.exe
c:\winnt\system32\2195312.exe
c:\winnt\system32\2200234.exe
c:\winnt\system32\23364593.exe
c:\winnt\system32\23399484.exe
c:\winnt\system32\23405296.exe
c:\winnt\system32\23667296.exe
c:\winnt\system32\25584656.exe
c:\winnt\system32\25593562.exe
c:\winnt\system32\275640.exe
c:\winnt\system32\276171.exe
c:\winnt\system32\28116906.exe
c:\winnt\system32\29520953.exe
c:\winnt\system32\29526312.exe
c:\winnt\system32\30281515.exe
c:\winnt\system32\30285531.exe
c:\winnt\system32\36624203.exe
c:\winnt\system32\36631281.exe
c:\winnt\system32\40980906.exe
c:\winnt\system32\40990312.exe
c:\winnt\system32\41992296.exe
c:\winnt\system32\43512375.exe
c:\winnt\system32\43515531.exe
c:\winnt\system32\51817937.exe
c:\winnt\system32\51825531.exe
c:\winnt\system32\52106203.exe
c:\winnt\system32\52109437.exe
c:\winnt\system32\52151890.exe
c:\winnt\system32\52159750.exe
c:\winnt\system32\8719250.exe
c:\winnt\system32\dumphive.exe
c:\winnt\system32\Process.exe
c:\winnt\system32\s.bat
c:\winnt\system32\SrchSTS.exe
c:\winnt\system32\sstray.exe
c:\winnt\system32\tmp.reg
c:\winnt\system32\VCCLSID.exe
c:\winnt\system32\WS2Fix.exe
c:\winnt\Web\default.htt
F:\install.exe

Infected copy of c:\winnt\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Legacy_NDISRD
-------\Service_IAS
-------\Service_ndisrd


((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-23 22:02 . 2008-04-13 18:39 14592 -c--a-w- c:\winnt\system32\dllcache\kbdhid.sys
2010-07-23 22:02 . 2008-04-13 18:39 14592 ----a-w- c:\winnt\system32\drivers\kbdhid.sys
2010-07-23 22:02 . 2008-04-13 18:45 32128 -c--a-w- c:\winnt\system32\dllcache\usbccgp.sys
2010-07-23 22:02 . 2008-04-13 18:45 32128 ----a-w- c:\winnt\system32\drivers\usbccgp.sys
2010-07-23 21:56 . 2010-07-23 22:10 -------- d-----w- c:\program files\trend micro
2010-07-23 21:56 . 2010-07-23 21:56 -------- d-----w- C:\rsit
2010-07-20 16:29 . 2010-07-20 16:29 -------- d-----w- C:\found.002
2010-07-16 15:37 . 2010-07-16 15:37 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\system32\scripting
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\l2schemas
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\system32\en
2010-07-12 01:01 . 2010-05-06 04:01 361904 ----a-w- c:\winnt\system32\drivers\symtdi.sys
2010-07-12 01:01 . 2010-04-29 05:03 116784 ----a-w- c:\winnt\system32\drivers\ironx86.sys
2010-07-12 01:01 . 2010-04-22 03:02 173104 ----a-w- c:\winnt\system32\drivers\symefa.sys
2010-07-12 01:01 . 2010-04-22 02:29 43696 ----a-w- c:\winnt\system32\drivers\srtspx.sys
2010-07-12 01:01 . 2009-10-15 03:50 328752 ----a-r- c:\winnt\system32\drivers\symds.sys
2010-07-12 01:01 . 2010-02-26 00:22 501888 ----a-w- c:\winnt\system32\drivers\cchpx86.sys
2010-07-11 23:37 . 2010-07-11 23:37 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2010-07-11 23:37 . 2010-07-11 23:37 124976 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2010-07-11 23:36 . 2010-07-12 16:56 -------- d-----w- c:\winnt\system32\drivers\N360
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\program files\Norton 360
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\program files\Windows Sidebar
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-11 23:34 . 2010-07-11 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-11 23:34 . 2010-07-11 23:34 -------- d-----w- c:\program files\NortonInstaller
2010-07-09 22:13 . 2010-07-09 22:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-24 20:34 . 2010-06-24 20:34 95024 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-06-24 20:26 . 2010-07-13 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 06:28 . 2008-06-04 16:27 -------- d-----w- c:\documents and settings\Jeff\Application Data\Skype
2010-07-24 06:27 . 2008-06-04 16:37 -------- d-----w- c:\documents and settings\Jeff\Application Data\skypePM
2010-07-24 06:22 . 2009-04-22 03:18 36660 ----a-w- c:\winnt\system32\GlyphInfo.bin
2010-07-24 06:22 . 2009-04-22 03:18 119236 ----a-w- c:\winnt\system32\FontInfo.bin
2010-07-16 15:37 . 2009-04-09 06:14 -------- d-----r- c:\program files\Skype
2010-07-16 15:36 . 2008-06-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-14 03:30 . 2006-06-01 16:09 33344 ----a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 21:46 . 2007-04-01 21:54 86315 ----a-w- c:\winnt\pchealth\helpctr\OfflineCache\index.dat
2010-07-13 16:52 . 2004-04-22 15:42 -------- d-----w- c:\program files\Lavasoft
2010-07-13 16:49 . 2004-12-22 01:12 -------- d-----w- c:\documents and settings\Jeff\Application Data\Lavasoft
2010-07-12 22:27 . 2010-06-21 01:57 1324 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-07-11 23:37 . 2010-07-11 23:37 805 ----a-w- c:\winnt\system32\drivers\SYMEVENT.INF
2010-07-11 23:37 . 2010-07-11 23:37 7443 ----a-w- c:\winnt\system32\drivers\SYMEVENT.CAT
2010-07-11 23:37 . 2004-01-28 17:45 -------- d-----w- c:\program files\Symantec
2010-07-11 23:37 . 2004-01-28 17:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-23 05:44 . 2003-09-03 18:09 -------- d-----w- c:\documents and settings\Jeff\Application Data\Oxacep
2010-06-22 22:45 . 2005-06-25 22:22 -------- d-----w- c:\documents and settings\Jeff\Application Data\Liosru
2010-06-22 03:43 . 2006-12-14 18:28 -------- d-----w- c:\program files\Common Files\Softwin
2010-06-21 06:35 . 2009-04-16 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 04:36 . 2010-06-21 04:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-14 06:43 . 2009-05-21 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-21 21:14 . 2009-10-04 06:07 221568 ------w- c:\winnt\system32\MpSigStub.exe
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\winnt\system32\win32k.sys
2010-04-29 22:39 . 2009-04-16 17:38 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-04-16 17:38 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2003-07-27 02:20 . 2003-07-27 02:20 21952 ---h--w- c:\program files\folder.htt
2010-07-23 01:14 . 2007-02-12 19:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-08-23 20:20 . 2004-12-28 22:34 66408 ------w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-23 20:20 . 2004-12-28 22:34 54112 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-23 20:20 . 2000-08-17 21:49 34688 ------w- c:\program files\mozilla firefox\components\myspell.dll
2007-08-23 20:20 . 2000-08-17 21:49 46456 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2007-08-23 20:20 . 2004-12-28 22:34 171880 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Verizon Media Manager"="f:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2010-04-26 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-14 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-29 149280]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-10-14 66912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]
"SWHelper"="c:\winnt\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-06-25 53248]

c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Shortcut to Crestron Fixes for Jay.lnk - c:\documents and settings\Jeff\Desktop\Crestron Fixes for Jay.doc [2007-9-27 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
ELSBLaunch.lnk - c:\program files\EarthLink\spamBlocker\ELSBLaunch.exe [2004-10-5 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Home\\ftpte.exe"=
"c:\\Crestron\\Simpl\\cmdnld.dll"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
"f:\\Program Files\\PPACalculator\\FB\\bin\\PokerServer-fb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\winnt\system32\drivers\SI3112r.sys [5/9/2003 3:55 PM 89749]
R0 SymDS;Symantec Data Store;c:\winnt\system32\drivers\N360\0402000.00C\symds.sys [7/11/2010 6:01 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\N360\0402000.00C\symefa.sys [7/11/2010 6:01 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/13/2010 9:20 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\N360\0402000.00C\cchpx86.sys [7/11/2010 6:01 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\winnt\system32\drivers\N360\0402000.00C\ironx86.sys [7/11/2010 6:01 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/11/2010 6:01 PM 126392]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\winnt\system32\drivers\e10kx2k.sys [7/27/2003 10:12 AM 1745168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [7/20/2010 4:50 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 10:50 PM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2010 11:08 AM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/12/2007 12:44 PM 30192]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/26/2003 9:32 PM 49776]
S4 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [7/14/2008 7:43 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-24 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 18:07]

2010-07-24 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 18:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\jq1y3jix.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
SSODL-DCGCAFEE-{752A1DBE-52B5-7F6A-4F6E-7228521A1893} - c:\winnt\system32\Cmmahjjm.dll
SSODL-mtkle-{4C39D505-B884-46F3-94B9-2B39DFC67ADD} - c:\winnt\system32\paiw32.dll
Notify-drivers - c:\winnt\system32\armparse.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-2001 TurboTax Deluxe - d:\program files\Tax01\TaxUnst.EXE
AddRemove-Citrix ICA Client - d:\progra~1\Citrix\ICACLI~1\Uninst.isu
AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu
AddRemove-WinZip - c:\documents and settings\Jeff\My Documents\Downloaded Programs\WinZip70\WINZIP32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 23:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3304)
c:\winnt\system32\WININET.dll
c:\program files\EarthLink\spamBlocker\ELSBOEHook.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\winnt\system32\MsPMSPSv.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Spiceworks\bin\spicetray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-07-23 23:39:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 06:39

Pre-Run: 5,580,443,648 bytes free
Post-Run: 5,604,225,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D24830B2E7DF3E284BC098E6010A4283


#11 Jefcamp

Jefcamp
  • Topic Starter

  • Members
  • 15 posts

Posted 24 July 2010 - 01:36 AM

Two programs are set to start up with a reboot, Word and Verizon Media Manager. Both of them started while the Combofix screen said not to run programs until the scan is complete. Just wanted you to know in case it mattered?
Thanks

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 24 July 2010 - 02:19 AM

Hello, Jefcamp.
No, it's fine, don't worry about it. The reason combofix asks not to run any programs is in case you run, for example, an antivirus program, which may conflict with combofix.

How's your computer doing now? Are you still experiencing the problems you mentioned earlier? Any other problems you're having?
We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
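The script in step 3 above removes one line of the DDS "Supplementary Scan" section: an Internet Settings ProxyServer value that points Internet Explorer at 127.0.0.1:5555, that is, at a proxy running on the machine itself, which is how a search hijacker gets to rewrite every request without touching the browser. The Python below is an added example, not ComboFix's or the helper's code: it parses log lines in that format (the sample lines are constructed, modelled on the log earlier in this thread), classifies each ProxyServer entry as a loopback "hijack" or a "review" item, and emits the DDS:: block in the shape the CFScript above uses. It assumes the DDS convention that a leading "u" marks a per-user (HKCU) setting and "m" a machine-wide (HKLM) one.

```python
"""Flag loopback proxy settings in a ComboFix/DDS 'Supplementary Scan'
section and emit the CFScript block that removes them.
Added example; not part of ComboFix, DDS or this thread."""
import ipaddress
import re

# Constructed sample lines in the DDS/ComboFix log format (not a real log).
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mInternet Settings,ProxyServer = proxy.corp.example:8080
uSearchAssistant = hxxp://www.google.com/ie
"""

# Assumed DDS convention: 'u' = per-user (HKCU), 'm' = machine-wide (HKLM).
PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*?)\s*$"
)


def parse_proxy_value(value):
    """Split a WinINet ProxyServer value into {protocol: (host, port)}.

    Both shapes Internet Settings accepts are handled: a bare 'host:port'
    (applies to every protocol, keyed '*') and the per-protocol list
    'http=host:port;https=host:port'."""
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            proto, hostport = part.split("=", 1)
        else:
            proto, hostport = "*", part
        host, _, port = hostport.rpartition(":")
        if not host:  # no ':' present, so the whole token is the host
            host, port = hostport, ""
        entries[proto.strip().lower()] = (host.strip(), port.strip())
    return entries


def is_loopback_host(host):
    """True for 'localhost' or any loopback IPv4/IPv6 literal ([::1] included)."""
    h = host.strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ipaddress.ip_address(h).is_loopback
    except ValueError:
        return False


def find_proxy_settings(log_text):
    """Return one finding per ProxyServer line in the log.

    Severity is 'hijack' when any protocol is proxied through the loopback
    interface (browser traffic is routed through a process on this machine)
    and 'review' otherwise (a remote proxy may be legitimate, e.g. corporate)."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        entries = parse_proxy_value(m.group("value"))
        loopback = [p for p, (host, _) in entries.items() if is_loopback_host(host)]
        findings.append({
            "scope": "HKCU" if m.group("scope") == "u" else "HKLM",
            "line": line.strip(),
            "entries": entries,
            "severity": "hijack" if loopback else "review",
        })
    return findings


def build_cfscript(findings):
    """Build the DDS:: block of a CFScript.txt listing the hijack lines
    verbatim, one DDS log line per entry under the 'DDS::' header, which is
    the shape the helper's script in this thread uses."""
    lines = [f["line"] for f in findings if f["severity"] == "hijack"]
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = find_proxy_settings(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['scope']}: {f['line']}")
    print(build_cfscript(results), end="")
```

A loopback proxy is not always malicious (some local filtering or parental-control products install one), so a "hijack" result is a prompt to identify the process listening on that port before the entry is removed.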


#13 Jefcamp

Jefcamp
  • Topic Starter

  • Members
  • 15 posts

Posted 26 July 2010 - 01:12 AM

I posted the Combofix.txt as an attachment, if you want the text alone, let me know.
Thanks

ComboFix 10-07-24.04 - Jeff 07/25/2010 18:31:22.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.105 [GMT -7:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-23 22:02 . 2008-04-13 18:39 14592 -c--a-w- c:\winnt\system32\dllcache\kbdhid.sys
2010-07-23 22:02 . 2008-04-13 18:39 14592 ----a-w- c:\winnt\system32\drivers\kbdhid.sys
2010-07-23 22:02 . 2008-04-13 18:45 32128 -c--a-w- c:\winnt\system32\dllcache\usbccgp.sys
2010-07-23 22:02 . 2008-04-13 18:45 32128 ----a-w- c:\winnt\system32\drivers\usbccgp.sys
2010-07-23 21:56 . 2010-07-23 22:10 -------- d-----w- c:\program files\trend micro
2010-07-23 21:56 . 2010-07-23 21:56 -------- d-----w- C:\rsit
2010-07-20 16:29 . 2010-07-20 16:29 -------- d-----w- C:\found.002
2010-07-16 15:37 . 2010-07-16 15:37 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\system32\scripting
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\l2schemas
2010-07-13 21:33 . 2010-07-13 21:33 -------- d-----w- c:\winnt\system32\en
2010-07-12 01:01 . 2010-05-06 04:01 361904 ----a-w- c:\winnt\system32\drivers\symtdi.sys
2010-07-12 01:01 . 2010-04-29 05:03 116784 ----a-w- c:\winnt\system32\drivers\ironx86.sys
2010-07-12 01:01 . 2010-04-22 03:02 173104 ----a-w- c:\winnt\system32\drivers\symefa.sys
2010-07-12 01:01 . 2010-04-22 02:29 43696 ----a-w- c:\winnt\system32\drivers\srtspx.sys
2010-07-12 01:01 . 2009-10-15 03:50 328752 ----a-r- c:\winnt\system32\drivers\symds.sys
2010-07-12 01:01 . 2010-02-26 00:22 501888 ----a-w- c:\winnt\system32\drivers\cchpx86.sys
2010-07-11 23:37 . 2010-07-11 23:37 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2010-07-11 23:37 . 2010-07-11 23:37 124976 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2010-07-11 23:36 . 2010-07-12 16:56 -------- d-----w- c:\winnt\system32\drivers\N360
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\program files\Norton 360
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\program files\Windows Sidebar
2010-07-11 23:36 . 2010-07-11 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-11 23:34 . 2010-07-11 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-11 23:34 . 2010-07-11 23:34 -------- d-----w- c:\program files\NortonInstaller
2010-07-09 22:13 . 2010-07-09 22:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-27 21:10 . 2010-06-27 21:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 01:42 . 2008-06-04 16:27 -------- d-----w- c:\documents and settings\Jeff\Application Data\Skype
2010-07-26 01:26 . 2008-06-04 16:37 -------- d-----w- c:\documents and settings\Jeff\Application Data\skypePM
2010-07-26 01:24 . 2009-04-22 03:18 36660 ----a-w- c:\winnt\system32\GlyphInfo.bin
2010-07-26 01:24 . 2009-04-22 03:18 119236 ----a-w- c:\winnt\system32\FontInfo.bin
2010-07-16 15:37 . 2009-04-09 06:14 -------- d-----r- c:\program files\Skype
2010-07-16 15:36 . 2008-06-04 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-14 03:30 . 2006-06-01 16:09 33344 ----a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 21:46 . 2007-04-01 21:54 86315 ----a-w- c:\winnt\pchealth\helpctr\OfflineCache\index.dat
2010-07-13 16:52 . 2004-04-22 15:42 -------- d-----w- c:\program files\Lavasoft
2010-07-13 16:52 . 2010-06-24 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-13 16:49 . 2004-12-22 01:12 -------- d-----w- c:\documents and settings\Jeff\Application Data\Lavasoft
2010-07-12 22:27 . 2010-06-21 01:57 1324 ----a-w- c:\winnt\system32\d3d9caps.dat
2010-07-11 23:37 . 2010-07-11 23:37 805 ----a-w- c:\winnt\system32\drivers\SYMEVENT.INF
2010-07-11 23:37 . 2010-07-11 23:37 7443 ----a-w- c:\winnt\system32\drivers\SYMEVENT.CAT
2010-07-11 23:37 . 2004-01-28 17:45 -------- d-----w- c:\program files\Symantec
2010-07-11 23:37 . 2004-01-28 17:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-24 20:34 . 2010-06-24 20:34 95024 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-06-23 05:44 . 2003-09-03 18:09 -------- d-----w- c:\documents and settings\Jeff\Application Data\Oxacep
2010-06-22 22:45 . 2005-06-25 22:22 -------- d-----w- c:\documents and settings\Jeff\Application Data\Liosru
2010-06-22 03:43 . 2006-12-14 18:28 -------- d-----w- c:\program files\Common Files\Softwin
2010-06-21 06:35 . 2009-04-16 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 04:36 . 2010-06-21 04:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-14 06:43 . 2009-05-21 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-25 04:00 . 2010-05-25 04:00 503808 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5e5bab34-n\msvcp71.dll
2010-05-25 04:00 . 2010-05-25 04:00 499712 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5e5bab34-n\jmc.dll
2010-05-25 04:00 . 2010-05-25 04:00 348160 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5e5bab34-n\msvcr71.dll
2010-05-21 21:14 . 2009-10-04 06:07 221568 ------w- c:\winnt\system32\MpSigStub.exe
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\winnt\system32\win32k.sys
2010-04-29 22:39 . 2009-04-16 17:38 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-04-16 17:38 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2003-07-27 02:20 . 2003-07-27 02:20 21952 ---h--w- c:\program files\folder.htt
2010-07-23 01:14 . 2007-02-12 19:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-08-23 20:20 . 2004-12-28 22:34 66408 ------w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-23 20:20 . 2004-12-28 22:34 54112 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-23 20:20 . 2000-08-17 21:49 34688 ------w- c:\program files\mozilla firefox\components\myspell.dll
2007-08-23 20:20 . 2000-08-17 21:49 46456 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2007-08-23 20:20 . 2004-12-28 22:34 171880 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Verizon Media Manager"="f:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2010-04-26 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-14 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-29 149280]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2009-10-14 66912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]
"SWHelper"="c:\winnt\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-06-25 53248]

c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Shortcut to Crestron Fixes for Jay.lnk - c:\documents and settings\Jeff\Desktop\Crestron Fixes for Jay.doc [2007-9-27 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
ELSBLaunch.lnk - c:\program files\EarthLink\spamBlocker\ELSBLaunch.exe [2004-10-5 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Home\\ftpte.exe"=
"c:\\Crestron\\Simpl\\cmdnld.dll"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
"f:\\Program Files\\PPACalculator\\FB\\bin\\PokerServer-fb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\winnt\system32\drivers\SI3112r.sys [5/9/2003 3:55 PM 89749]
R0 SymDS;Symantec Data Store;c:\winnt\system32\drivers\N360\0402000.00C\symds.sys [7/11/2010 6:01 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\N360\0402000.00C\symefa.sys [7/11/2010 6:01 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/13/2010 9:20 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\N360\0402000.00C\cchpx86.sys [7/11/2010 6:01 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\winnt\system32\drivers\N360\0402000.00C\ironx86.sys [7/11/2010 6:01 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/11/2010 6:01 PM 126392]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\winnt\system32\drivers\e10kx2k.sys [7/27/2003 10:12 AM 1745168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [7/20/2010 4:50 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 10:50 PM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2010 11:08 AM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/12/2007 12:44 PM 30192]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/26/2003 9:32 PM 49776]
S4 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [7/14/2008 7:43 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-26 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 18:07]

2010-07-26 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 18:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\jq1y3jix.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3588)
c:\winnt\system32\WININET.dll
c:\program files\EarthLink\spamBlocker\ELSBOEHook.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-25 18:50:24
ComboFix-quarantined-files.txt 2010-07-26 01:50
ComboFix2.txt 2010-07-24 06:39

Pre-Run: 5,570,977,792 bytes free
Post-Run: 5,568,487,424 bytes free

- - End Of File - - 70752BAF76EF8561594D4C53E4793C16


Edited by aommaster, 26 July 2010 - 03:02 AM.


#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 26 July 2010 - 03:04 AM

Hello, Jefcamp.
No worries, I copied and pasted your log into your reply (it makes it easier for me to read). There's no need to attach the logs. Just directly pasting them is fine.

How's your computer doing? Are you experiencing any other problems? If not, please proceed with the steps below.
We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 21 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use" box.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "<" button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
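The Java clean-up in steps 10 to 15 above comes down to a version comparison, and Java's several spellings of the same release ("1.6.0_17", "6u17", "Java(TM) 6 Update 17") make it easy to overlook an old side-by-side install. The following is an added example, not code from the post or from BleepingComputer, that parses the common spellings, sorts Add/Remove Programs entries into current and outdated, and flags the outdated ones that the 6u21 installer's bundled uninstaller would leave behind according to the note above. The Add/Remove entries are a constructed sample; on a real machine they would come from the DisplayName values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and the names parse_java_version, audit_installed_java and missed_by_bundled_uninstaller are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Newest release named in the post above: JRE 6 Update 21.
LATEST = (6, 21)

# Java spells one release several ways; all of these mean "JRE 6, update 17":
#   "1.6.0_17"              what `java -version` prints
#   "6u17"                  installer file names, e.g. jre-6u17-windows-i586-p.exe
#   "Java(TM) 6 Update 17"  Add/Remove Programs display name
# Older products used "J2SE Runtime Environment 5.0 Update 22" and
# "Java 2 Runtime Environment, SE v1.4.2_19" (the latter carries a dotted version).
_DOTTED = re.compile(r"(?<!\d)1\.(\d)\.\d+(?:_(\d+))?(?!\d)")
_UPDATE = re.compile(r"(?<!\d)(\d)u(\d+)(?!\d)")
_DISPLAY = re.compile(
    r"(?:J2SE Runtime Environment|Java\(TM\)|Java)\s+(\d)(?:\.0)?\b\s*(?:Update\s+(\d+))?",
    re.IGNORECASE,
)


def parse_java_version(text: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for any of the spellings above, or None when the
    string is not a JRE/J2SE version at all (e.g. "Java DB", an unrelated product).
    A release with no update number (e.g. "Java(TM) 6") is treated as update 0."""
    for pattern in (_DOTTED, _UPDATE, _DISPLAY):
        m = pattern.search(text)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def missed_by_bundled_uninstaller(version: Tuple[int, int]) -> bool:
    """Per the note in the post, the 6u21 installer's own uninstaller removes only
    JRE 6 Update 10 and later; anything else must be removed through
    Add/Remove Programs by hand (step 10)."""
    major, update = version
    return not (major == 6 and update >= 10)


def audit_installed_java(display_names: List[str],
                         latest: Tuple[int, int] = LATEST) -> Dict[str, List[str]]:
    """Bucket Add/Remove Programs entries into current / outdated / unrecognized,
    and list which outdated ones would survive if step 10 were skipped."""
    report: Dict[str, List[str]] = {
        "current": [], "outdated": [], "installer_would_miss": [], "unrecognized": [],
    }
    for name in display_names:
        version = parse_java_version(name)
        if version is None:
            report["unrecognized"].append(name)
        elif version >= latest:          # tuple compare: major first, then update
            report["current"].append(name)
        else:
            report["outdated"].append(name)
            if missed_by_bundled_uninstaller(version):
                report["installer_would_miss"].append(name)
    return report


# Constructed sample (not taken from the log above) of Add/Remove Programs
# entries on a machine that accumulated several side-by-side JREs.
SAMPLE_ADD_REMOVE = [
    "Java(TM) 6 Update 17",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 22",
    "Java 2 Runtime Environment, SE v1.4.2_19",
    "Java DB 10.5.3.0",          # ships with the JDK, not a runtime to remove here
    "Mozilla Firefox (3.6.8)",   # unrelated product, must not be misread as Java
]

if __name__ == "__main__":
    for bucket, names in audit_installed_java(SAMPLE_ADD_REMOVE).items():
        print(f"{bucket}: {names}")
```

Running it on the sample lists all four JREs as outdated and marks three of them (6 Update 7, 5.0 Update 22 and 1.4.2_19) as ones the new installer would not remove on its own, which is exactly why the post has you uninstall everything before running jre-6u21-windows-i586-p.exe.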


#15 Jefcamp

Jefcamp
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:56 AM

Posted 27 July 2010 - 01:34 AM

Hi AOM,
I've updated the Java and I'm working on the ESET scan now. After the combofix, Tidserv popped up a couple times, but that seems to be gone now too. I have to say that my computer is much snappier already. I'll try to post it yet tonight.
Thanks!



