View Full Version : Virtumonde?
michiele
2009-04-22, 21:17
I have had this trogan in the past. Computer has been acting strangely the last few days (ads coming up on internet explorer before the real page I am trying to get to). Anyhow, spybot said I have virtumonde, but it didn't seem able to fix it. Here is my HJthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:44 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\fxredir.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.harcourtschool.com/glossary/math2/define/gr4/elapsed_time4.html"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://maps.rupri.org
O15 - Trusted Zone: http://www.saintfrancis.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://192.168.1.150/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://reasors.lifepics.com/net/Uploader/LPUploader57.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c95c6cdb9aba86) (gupdate1c95c6cdb9aba86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
--
End of file - 11743 bytes
Thank you for any help.
Hi michiele
Please post next spybot report :)
michiele
2009-04-23, 15:43
After running, spybot, I don't see the virtumonde line anymore... Hmmmm.
While running spybot scan, windows had an error message:
Generic Host Process for Win 32 services has encountered a problem and needs to close.
Error signature
szAppName : szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000
The following files will be included in this error report:
C:\DOCUME~1\MICHIE~1\LOCALS~1\Temp\WER26b0.dir00\svchost.exe.mdmp
C:\DOCUME~1\MICHIE~1\LOCALS~1\Temp\WER26b0.dir00\appcompat.txt
The spybot scan finished though...
The spybot report is so long. I wasn't sure if I could fit it here. I made a page on my website for it: http://miraclesoflife.com/spybotlog423.htm
Anything else you need to see?
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
michiele
2009-04-23, 17:57
I ran gmer.exe as you said. Here is the resulting log:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-23 09:44:45
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT BA576A86 ZwCreateKey
SSDT BA576A7C ZwCreateThread
SSDT BA576A8B ZwDeleteKey
SSDT BA576A95 ZwDeleteValueKey
SSDT BA576A9A ZwLoadKey
SSDT BA576A68 ZwOpenProcess
SSDT BA576A6D ZwOpenThread
SSDT BA576AA4 ZwReplaceKey
SSDT BA576A9F ZwRestoreKey
SSDT BA576A90 ZwSetValueKey
SSDT BA576A77 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 11A 804E4954 2 Bytes [86, 6A]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\iTunes\iTunesHelper.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100136F4
.text C:\Program Files\iTunes\iTunesHelper.exe[564] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1001363C
.text C:\Program Files\iTunes\iTunesHelper.exe[564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10012F04
.text C:\Program Files\iTunes\iTunesHelper.exe[564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100126B0
.text C:\Program Files\iTunes\iTunesHelper.exe[564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012630
.text C:\Program Files\iTunes\iTunesHelper.exe[564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10013604
.text C:\WINDOWS\system32\wuauclt.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\wuauclt.exe[592] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\wuauclt.exe[592] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\wuauclt.exe[592] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\wuauclt.exe[592] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\wuauclt.exe[592] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\Program Files\Java\jre6\bin\jqs.exe[604] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 108436F4
.text C:\WINDOWS\system32\nvsvc32.exe[704] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1084363C
.text C:\WINDOWS\system32\nvsvc32.exe[704] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10842F04
.text C:\WINDOWS\system32\nvsvc32.exe[704] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 108426B0
.text C:\WINDOWS\system32\nvsvc32.exe[704] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10842630
.text C:\WINDOWS\system32\nvsvc32.exe[704] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10843604
.text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\winlogon.exe[852] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\winlogon.exe[852] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\winlogon.exe[852] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\winlogon.exe[852] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\winlogon.exe[852] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\svchost.exe[1136] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\svchost.exe[1136] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\svchost.exe[1136] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\svchost.exe[1136] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\svchost.exe[1136] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\svchost.exe[1212] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\svchost.exe[1212] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\svchost.exe[1212] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\svchost.exe[1212] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\svchost.exe[1212] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\svchost.exe[1304] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\svchost.exe[1304] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\svchost.exe[1304] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\svchost.exe[1304] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\svchost.exe[1304] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\svchost.exe[1448] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\svchost.exe[1448] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\svchost.exe[1448] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\svchost.exe[1448] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\svchost.exe[1448] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\Tablet.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\Tablet.exe[1500] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\Tablet.exe[1500] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\Tablet.exe[1500] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\Tablet.exe[1500] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\Tablet.exe[1500] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\svchost.exe[1504] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\svchost.exe[1504] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\svchost.exe[1504] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\svchost.exe[1504] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\svchost.exe[1504] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\spoolsv.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\spoolsv.exe[1652] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\spoolsv.exe[1652] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\spoolsv.exe[1652] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\spoolsv.exe[1652] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\spoolsv.exe[1652] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100136F4
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1001363C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10012F04
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100126B0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012630
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1760] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10013604
.text C:\WINDOWS\System32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\svchost.exe[1844] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\svchost.exe[1844] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\svchost.exe[1844] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\svchost.exe[1844] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\svchost.exe[1844] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\ctfmon.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\ctfmon.exe[1968] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\ctfmon.exe[1968] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\ctfmon.exe[1968] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\ctfmon.exe[1968] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\ctfmon.exe[1968] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100336F4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1003363C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10032F04
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100326B0
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10032630
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2128] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10033604
.text C:\WINDOWS\System32\alg.exe[2612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\alg.exe[2612] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\alg.exe[2612] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\alg.exe[2612] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\alg.exe[2612] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\alg.exe[2612] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\DSentry.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\DSentry.exe[2920] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\DSentry.exe[2920] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\DSentry.exe[2920] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\DSentry.exe[2920] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\DSentry.exe[2920] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe[2988] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\System32\svchost.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\System32\svchost.exe[3160] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\System32\svchost.exe[3160] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\System32\svchost.exe[3160] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\System32\svchost.exe[3160] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\System32\svchost.exe[3160] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100036F4
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1000363C
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002F04
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026B0
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002630
.text C:\WINDOWS\system32\RUNDLL32.EXE[3252] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003604
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
michiele
2009-04-23, 18:08
RSIT results
Log.txt (info.txt in next post)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michiele Vargas at 2009-04-23 10:05:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (10%) free of 76 GB
Total RAM: 2047 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:33 AM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\fxredir.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\Michiele Vargas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michiele Vargas.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.harcourtschool.com/glossary/math2/define/gr4/elapsed_time4.html"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://maps.rupri.org
O15 - Trusted Zone: http://www.saintfrancis.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://192.168.1.150/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://reasors.lifepics.com/net/Uploader/LPUploader57.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c95c6cdb9aba86) (gupdate1c95c6cdb9aba86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
--
End of file - 11850 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D48B3949-9780-43BB-BF13-E39D7330B9E1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-16 525552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-08 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{92085AD4-F48A-450d-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-16 525552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"fxredir"=C:\WINDOWS\System32\fxredir.exe [2001-08-21 65536]
"monitr32"=C:\Program Files\Canon\MultiPASS4\monitr32.exe [2001-08-21 311296]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-10-29 8466432]
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2009-01-16 632048]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-29 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"EPSON_UD_START"=C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [2008-05-22 329632]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1 []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-08 39408]
"Creative MediaSource Go"=C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe [2002-11-25 126976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\SYSTEM32\mmc.exe"="C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e8a804-29e0-11dd-aadb-000d56073fd0}]
shell\AutoRun\command - F:\ClearPlayEasyUpdates.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98dded8c-29cf-11de-ac54-000d56073fd0}]
shell\AutoRun\command - F:\EMP_UDSe.exe /autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b54b9834-d924-11da-9c01-000d56073fd0}]
shell\AutoRun\command - F:\OpenWeb.exe
======List of files/folders created in the last 1 months======
2009-04-23 10:05:27 ----D---- C:\rsit
2009-04-22 12:55:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-22 12:53:00 ----SHD---- C:\Config.Msi
2009-04-22 12:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-22 12:50:34 ----D---- C:\Program Files\NOS
2009-04-22 12:41:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-22 12:41:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-22 12:41:59 ----A---- C:\WINDOWS\system32\java.exe
2009-04-22 08:59:33 ----D---- C:\Program Files\Avira
2009-04-22 08:59:33 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-21 10:12:47 ----D---- C:\WINDOWS\ERDNT
2009-04-21 10:12:13 ----D---- C:\Program Files\ERUNT
2009-04-20 09:33:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-16 05:47:07 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 18:06:51 ----D---- C:\Program Files\EPSON Projector
2009-04-11 10:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\Amazon
2009-04-11 10:24:50 ----D---- C:\Program Files\Amazon
2009-04-06 14:25:04 ----D---- C:\Documents and Settings\Michiele Vargas\Application Data\FileZilla
2009-04-06 14:23:56 ----D---- C:\Program Files\FileZilla FTP Client
2009-04-06 11:49:22 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-04-06 11:49:15 ----D---- C:\Program Files\WinZip
======List of files/folders modified in the last 1 months======
2009-04-23 09:56:14 ----SD---- C:\WINDOWS\Tasks
2009-04-23 09:54:52 ----D---- C:\WINDOWS\Temp
2009-04-23 09:51:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-23 09:51:55 ----D---- C:\WINDOWS
2009-04-23 09:51:47 ----D---- C:\WINDOWS\SYSTEM32
2009-04-23 07:23:02 ----A---- C:\WINDOWS\hpbafd.ini
2009-04-23 06:20:05 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-23 06:17:11 ----HD---- C:\WINDOWS\INF
2009-04-23 06:11:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-22 19:18:48 ----D---- C:\WINDOWS\Prefetch
2009-04-22 19:18:39 ----D---- C:\WINDOWS\Registration
2009-04-22 14:48:23 ----D---- C:\Program Files\Qimage
2009-04-22 14:45:34 ----A---- C:\WINDOWS\iltwain.ini
2009-04-22 12:56:07 ----SHD---- C:\WINDOWS\Installer
2009-04-22 12:56:06 ----D---- C:\Program Files\Adobe
2009-04-22 12:55:53 ----D---- C:\Documents and Settings\Michiele Vargas\Application Data\Adobe
2009-04-22 12:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-22 12:55:50 ----D---- C:\Program Files\Common Files
2009-04-22 12:54:54 ----D---- C:\Program Files\Common Files\Adobe
2009-04-22 12:50:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-22 12:50:34 ----RD---- C:\Program Files
2009-04-22 12:46:20 ----A---- C:\WINDOWS\Ulead32.ini
2009-04-22 12:41:57 ----D---- C:\Program Files\Java
2009-04-22 08:58:10 ----D---- C:\WINDOWS\WinSxS
2009-04-22 08:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-21 10:14:06 ----D---- C:\Program Files\Trend Micro
2009-04-20 12:56:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-20 12:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 05:54:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 05:50:14 ----D---- C:\WINDOWS\AppPatch
2009-04-17 05:50:14 ----AD---- C:\WINDOWS\system32\WBEM
2009-04-16 20:00:59 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-04-16 20:00:51 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 20:00:26 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 20:00:25 ----D---- C:\Program Files\Internet Explorer
2009-04-16 19:57:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-14 10:41:46 ----D---- C:\Documents and Settings\Michiele Vargas\Application Data\Move Networks
2009-04-11 10:24:19 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-07 13:12:35 ----D---- C:\Program Files\FastStone Image Viewer
2009-04-06 14:43:46 ----D---- C:\temp
2009-04-06 08:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-02 12:33:44 ----RSD---- C:\WINDOWS\Fonts
2009-03-29 11:54:20 ----D---- C:\WINDOWS\BBSTORE
2009-03-29 11:53:41 ----D---- C:\Program Files\The Learning Company
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-03-09 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-03-09 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2007-10-14 143834]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2007-10-14 206464]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 cis1284;cis1284; \??\C:\WINDOWS\System32\drivers\cis1284.sys []
R2 NetAlrt;NetAlrt; \??\C:\WINDOWS\System32\drivers\NetAlrt.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 PlatAlrt;PlatAlrt; \??\C:\WINDOWS\System32\drivers\PlatAlrt.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2007-10-14 25898]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2002-11-12 99840]
R3 eppvad_simple;EPSON Projector UD Audio Device; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [2008-05-14 17664]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-03-26 823616]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-29 6824448]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-05-23 13780]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2003-02-20 126976]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2003-02-20 495616]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2003-02-20 655360]
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\System32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\MICHIE~1\LOCALS~1\Temp\ewdmaudn.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2007-10-14 30630]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ADVService;Amazon Unbox Video Service; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [2007-07-11 25640]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2002-08-07 221184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 EMP_UDSA;EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2008-05-28 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MpService;MpService; C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE [2001-08-21 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-29 155716]
R2 TabletService;TabletService; C:\WINDOWS\System32\Tablet.exe [2003-12-04 634880]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1c95c6cdb9aba86;Google Update Service (gupdate1c95c6cdb9aba86); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-07-30 1118208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
S4 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
-----------------EOF-----------------
michiele
2009-04-23, 18:09
info.txt from RSIT
info.txt logfile of random's system information tool 1.06 2009-04-23 10:05:36
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Amara - Flash Slide Show Builder-->"C:\Program Files\Amara - Flash Slide Show Builder\uninstall.exe"
Amazon Unbox Video-->C:\Program Files\InstallShield Installation Information\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\setup.exe -runfromtemp -l0x0409
AncestryView 2.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}
AncestryView Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DC5E13-2F21-4EFD-B77B-4F43F9046571}\Setup.exe" -uninst
AncestryView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MyFamily.Com\AncestryView\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Better Homes and Gardens Home Designer Suite 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93FFFB60-DE59-4550-955D-5F12B23ADA1F}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BookSmart™ 1.9.9 1.9.9-->C:\Program Files\BookSmart\uninstall.exe
Canon FV M10, OPTURA20 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6A30F2AE-03B2-47EB-9754-BCF2EC56B7AF}
Canon MultiPASS Suite 4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A508AAA-3B69-4326-B89E-A6166FA05D3C}\setup.exe" -Uninstall
Carmen Sandiego Math Detective-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Carmen Math Detective\DeIsL1.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
ClearPlay Easy Updates-->MsiExec.exe /I{8CCD293C-0563-4EB0-BFAF-F279B61A6F32}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Applications-->C:\WINDOWS\Corel\Uninstal.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Creative Memories Memory Manager 2-->MsiExec.exe /I{0F1A3568-7419-4115-A207-512B9F688267}
Creative Memories StoryBook Creator Plus-->MsiExec.exe /I{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DVDit! SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24D251-448E-11D4-A499-0050DA6E827C}\SETUP.EXE" -L0x9
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eBay Toolbar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe" -l0x9
EPSON USB Display-->C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDUi.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Family Tree Maker 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\setup.exe" -l0x9
FastStone Image Viewer 3.6-->C:\Program Files\FastStone Image Viewer\uninst.exe
FileZilla Client 3.2.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Focus Magic 3.02-->"C:\Program Files\Focus Magic\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
I Love Math!-->C:\WINDOWS\Uninst.exe -r"DK Multimedia\I Love Math!\1.0.4.0" -n"I Love Math!" -fC:\PROGRA~1\DKMULT~1\ILOVEM~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\ILOVEM~1\uninst.dll
Intel RSX 3D-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\system32\DeIsL1.isu
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Intel® Pro Alerting Agent, Version 3.2.0-->MsiExec.exe /I{66B4F24C-BE5D-423A-B56B-4013481F6801}
Intel® PRO Network Adapters WMI Provider (2.0)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C701994-43D2-4B7B-A548-C6E6C224D9A9}\setup.exe"
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jalbum 8.1-->C:\Program Files\Jalbum8.1\Uninstall.exe
JAlbum-->"C:\Program Files\JAlbum\Uninstall_JAlbum\Uninstall JAlbum.exe"
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook Deluxe 9-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{99B366B0-76B6-4DBA-95A3-A730015A7D01}
Math Munchers Deluxe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Learning Company\Math Munchers Deluxe\DeIsL1.isu"
Memory Manager Shared Components Update-->MsiExec.exe /I{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web 2 MUI (English)-->MsiExec.exe /X{90120000-0045-0409-0000-0000000FF1CE}
Microsoft Expression Web 2-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall XWEB /dll XSETUP.DLL
Microsoft Expression Web 2-->MsiExec.exe /X{90120000-0045-0000-0000-0000000FF1CE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu-->MsiExec.exe /X{15EFEBF6-E414-33EB-8710-A04AD1302BF8}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Photo Calendars and Cards-->MsiExec.exe /I{B9DA017D-D74F-411E-92D4-6BA13CAEB5DA}
MyPublisher BookMaker-->C:\WINDOWS\system32\MypubUninstaller.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Noise Ninja 1.1-->"C:\Program Files\PictureCode\Noise Ninja\unins000.exe"
Noise Ninja 2 (Standalone Version)-->"C:\Program Files\PictureCode\NoiseNinja2\unins000.exe"
Notebook Interactive Viewer-->MsiExec.exe /X{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Outdoor Objects Catalog-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{264C2B41-D2B0-4508-854E-016ED64C7F73}" -l0x9
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoStreamer 2-->"C:\Documents and Settings\All Users\Application Data\{3ABF525B-E983-4C94-A5A3-0BD38AD30839}\PhotoStreamer2Setup.exe" REMOVE=TRUE MODIFY=FALSE
Phrogram v2.2-->MsiExec.exe /I{7F068655-4423-442B-912C-CBBEB8619D4B}
Picaboo-->MsiExec.exe /I{DE743C9A-3D04-4A55-A9FF-596C363E8FA4}
PicturesToExe 5.1-->C:\Program Files\WnSoft PicturesToExe\5.1\uninst.exe
PicturesToExe-->C:\Program Files\PicturesToExe\uninstal.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qimage-->C:\PROGRA~1\Qimage\UNWISE.EXE C:\PROGRA~1\Qimage\INSTALL.LOG
QuickBooks Pro Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2003 Basic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{88D0E768-CD6A-42A9-97F9-2B12CF740019} anything
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Reader Rabbit Math Ages 6-9-->C:\Program Files\The Learning Company\Reader Rabbit Math Ages 6-9\uninstal.exe
Reader Rabbit presents Math Journey for Grades 1-3-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\Imj\Uninst\DeIsL1.isu
RLPrintPlugin-->MsiExec.exe /I{3E55A2EC-00A6-4B4E-80BF-B5FEF79A5411}
RocketReader Kids Version 3.00-->"C:\Program Files\RocketReader KidsV3\Uninstall.exe" "C:\Program Files\RocketReader KidsV3\install.log"
Sammy's Science House (Remove only)-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Sammy's Science House "
Second Nature - Pathways In Paradise by Alan Giana-->C:\SLIDESHW\unslide\giana\UNSLIDE.EXE C:\SLIDESHW\unslide\giana <:> C:\SLIDESHW
Second Nature - Stranger in the Woods by Carl R Sams II-->C:\SLIDESHW\unslide\sams\UNSLIDE.EXE C:\SLIDESHW\unslide\sams <:> C:\SLIDESHW
Second Nature - Winter Beauty-->C:\PROGRA~1\SECOND~1\unslide\winter03\UNWISE.EXE C:\PROGRA~1\SECOND~1\unslide\winter03\INSTALL.LOG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Space Junk 1.0-->"C:\temp\phrogram\Space Junk\unins000.exe"
SpongeBob SquarePants Typing-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\SpongeBob SquarePants Typing\Uninstall.xml"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
Ulead Photo Explorer 7.0 Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\setup.exe"
Update for Microsoft Expression Web 2 (KB957827)-->msiexec /package {90120000-0045-0000-0000-0000000FF1CE} /uninstall {DCA28998-1FE8-4CEA-818D-027D8B15F119}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USA Explorer-->C:\WINDOWS\UNINST.EXE -r"DK Interactive Learning\USA Explorer\1.0.01" -n"USA Explorer" -fC:\PROGRA~1\DKINTE~1\USAEXP~1\DeIsL2.isu -cC:\PROGRA~1\DKINTE~1\USAEXP~1\uninst.dll -oNT
Wacom Tablet Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Wacom\Uninst.isu" -c"C:\WINDOWS\System32\TabUnst.dll"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winkflash Photo Manager-->MsiExec.exe /I{9322DD07-3AF5-4742-B2A7-1DD4933E6EB9}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WordMaker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE94374-BC90-4ED4-82F4-4BA79BA3C4E6}\SETUP.EXE" -l0x9
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: MIRACLESOFLIFE
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\KIDSCOMP on the network \Device\NetBT_Tcpip_{CC95B1A2-C41F-4281-9616-158547CCE94F}.
The data is the error code.
Record Number: 61022
Source Name: BROWSER
Time Written: 20090327065701.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 000D56073FD0. The IP address being used is 169.254.230.51.
Record Number: 61014
Source Name: Dhcp
Time Written: 20090327061715.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D56073FD0. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 61012
Source Name: Dhcp
Time Written: 20090327061713.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D56073FD0. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 61010
Source Name: Dhcp
Time Written: 20090327061628.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 7000
Message: The Symantec Core LC service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 60979
Source Name: Service Control Manager
Time Written: 20090327061024.000000-360
Event Type: error
User:
=====Application event log=====
Computer Name: MIRACLESOFLIFE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 26141
Source Name: Application Hang
Time Written: 20080929150645.000000-360
Event Type: error
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1310
Message: Event code: 3007
Event message: A compilation error has occurred.
Event time: 9/29/2008 1:09:18 PM
Event time (UTC): 9/29/2008 7:09:18 PM
Event ID: a2897d67db1b46739f3d73c8e2eba3e9
Event sequence: 6
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: b1921e6d-1-128671889541250000
Trust level: Full
Application Virtual Path: /project72
Application Path: C:\Documents and Settings\Michiele Vargas\My Documents\My Web Sites\project72\
Machine name: MIRACLESOFLIFE
Process information:
Process ID: 544
Process name: Expression.DevServer.exe
Account name: MIRACLESOFLIFE\Michiele Vargas
Exception information:
Exception type: HttpCompileException
Exception message: C:\Documents and Settings\Michiele Vargas\My Documents\My Web Sites\project72\insert_lpeodform.aspx(2): error BC30024: Statement is not valid inside a method.
Request information:
Request URL: http://localhost:5130/project72/insert_lpeodform.aspx
Request path: /project72/insert_lpeodform.aspx
User host address: 127.0.0.1
User: MIRACLESOFLIFE\Michiele Vargas
Is authenticated: True
Authentication Type: NTLM
Thread account name: MIRACLESOFLIFE\Michiele Vargas
Thread information:
Thread ID: 4
Thread account name: MIRACLESOFLIFE\Michiele Vargas
Is impersonating: False
Stack trace: at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile)
at System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert)
at System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert)
at System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath)
at System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath)
at System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig)
at System.Web.HttpApplication.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
Record Number: 26140
Source Name: ASP.NET 2.0.50727.0
Time Written: 20080929130918.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1309
Message: Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 9/29/2008 11:45:10 AM
Event time (UTC): 9/29/2008 5:45:10 PM
Event ID: 2fbfaae8971d4d2b97cc4fafb4a17ed6
Event sequence: 8
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: b1921e6d-1-128671838933593750
Trust level: Full
Application Virtual Path: /project72
Application Path: C:\Documents and Settings\Michiele Vargas\My Documents\My Web Sites\project72\
Machine name: MIRACLESOFLIFE
Process information:
Process ID: 3428
Process name: Expression.DevServer.exe
Account name: MIRACLESOFLIFE\Michiele Vargas
Exception information:
Exception type: OleDbException
Exception message: Could not find file 'C:\Documents and Settings\Michiele Vargas\My Documents\My Web Sites\project72\fpdb\drivermanager.mdb'.
Request information:
Request URL: http://localhost:14601/project72/lpeodform.aspx
Request path: /project72/lpeodform.aspx
User host address: 127.0.0.1
User: MIRACLESOFLIFE\Michiele Vargas
Is authenticated: True
Authentication Type: NTLM
Thread account name: MIRACLESOFLIFE\Michiele Vargas
Thread information:
Thread ID: 4
Thread account name: MIRACLESOFLIFE\Michiele Vargas
Is impersonating: False
Stack trace: at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection)
at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.OleDb.OleDbConnection.Open()
at System.Data.Common.DbDataAdapter.QuietOpen(IDbConnection connection, ConnectionState& originalState)
at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior)
at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable)
at System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
at System.Web.UI.WebControls.AccessDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
at System.Web.UI.WebControls.ListControl.OnDataBinding(EventArgs e)
at System.Web.UI.WebControls.ListControl.PerformSelect()
at System.Web.UI.WebControls.BaseDataBoundControl.DataBind()
at System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound()
at System.Web.UI.WebControls.BaseDataBoundControl.OnPreRender(EventArgs e)
at System.Web.UI.WebControls.ListControl.OnPreRender(EventArgs e)
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:
Record Number: 26139
Source Name: ASP.NET 2.0.50727.0
Time Written: 20080929114511.000000-360
Event Type: warning
User:
Computer Name: MIRACLESOFLIFE
Event Code: 5000
Message: EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Record Number: 26117
Source Name: MPSampleSubmission
Time Written: 20080924062010.000000-360
Event Type: error
User:
Computer Name: MIRACLESOFLIFE
Event Code: 1000
Message: Faulting application itunes.exe, version 7.3.2.6, faulting module quicktime.qts, version 7.3.1.70, fault address 0x0006f1e3.
Record Number: 26106
Source Name: Application Error
Time Written: 20080922164417.000000-360
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Nothing unusual there.
Do you get those ads on every website?
michiele
2009-04-23, 19:00
Thank you for your help. I can't seem to recreate the "ads" right now. What would happen is I would do a google search and then click on one of the results. Sometimes another website would show instead of the one I clicked on. Then, I would x out of that and then the original website would show up... Weird. It didn't happen all the time, just sometimes. And it seemed related to what I was searching on. For example, I searched for "what size dog crate". I clicked on one of the results and it showed this page: http://www.allcrate.com/. Then I "x"ed out of there and the page I was suppose to come to showed up. But, like I said, I can't get it to do it right now...
Any suggestions on what to do, or look for if I can recreate it today?
Then we continue with this:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
michiele
2009-04-24, 03:55
I ran the scan. It didn't find anything... It took like 5 hours:) I must be just losing my mind... Oh well. Maybe I just need to set higher security on the internet. Here is the scan results:
Thursday, April 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 23, 2009 19:23:33
Records in database: 2073015
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases no
Scan area My Computer
A:\
C:\
D:\
E:\
G:\
H:\
Scan statistics
Files scanned 317637
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 04:37:51
No malware has been detected. The scan area is clean.
The selected area was scanned.
That is good :)
Still problems?
michiele
2009-04-24, 15:29
I haven't seen any problems since yesterday morning. So strange... Well, I do so appreciate your help. At least now I know my computer is clean.:)
Good :)
See below for my tips.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
You can fix these, they are leftovers:
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.