Ads - AdDestination, Please Help (Resolved)
So yeah... I got AdDestination; Spybot keeps "fixing" it. Malware Anti-Bytes + AdAware SE (really old) fix it too. I am pretty sure it's an easy fix, but I don't know how.
Here's my log. Please help!
--------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28, on 2009-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\program files\mozilla firefox\firefox.exe
C:\HJT\HJT.exe
H:\Windows\SysFiles\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: precisead - {5de6867e-a466-c8f0-b794-a53fa1163f31} - C:\WINDOWS\system32\nsl28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: precisead search enhancer - {A18EB657-234D-EDEB-C183-794D4AE5E598} - C:\WINDOWS\system32\hsblyandplowgevap.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: precisead browser enhancer - {D3185F83-1C0F-F0DC-3531-660C89ED2805} - C:\WINDOWS\system32\xquubyhtpi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: bignetdaddy - {e7418111-dde6-772c-efca-f1a91cd947ba} - C:\WINDOWS\system32\nsrA7.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [qayqekvptdm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xquubyhtpi.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\SysFiles\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168641034593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 5647 bytes
I do not mean to be obnoxious, or bump, but the ads stopped after I ran HJT. They only pop up when I am on Firefox, and they redirect me to shopping links. They also put the sponsored links to the left, and do whatever.
Sorry I wasn't clear on that before.
Using Rootanalyzer and searching online, I see that I have SKYNET (a rootkit?).
I would like help removing please =P
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Please Download GMER to your desktop
Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL, for whatever reason(s), until it has 100% completed its scan, or attempted scan in case of some error etc.!
Please post the results from the GMER scan in your reply.
It said my response was too long, so I broke it up.
log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-28 22:36:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (30%) free of 73 GB
Total RAM: 510 MB (8% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:03 PM, on 6/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\mozilla firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
H:\Windows\SysFiles\HJT\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: precisead - {5de6867e-a466-c8f0-b794-a53fa1163f31} - C:\WINDOWS\system32\nsl28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: precisead browser enhancer - {D3185F83-1C0F-F0DC-3531-660C89ED2805} - C:\WINDOWS\system32\xquubyhtpi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [qayqekvptdm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xquubyhtpi.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\SysFiles\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168641034593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 5201 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
SpywareBlock Class - C:\Program Files\SpyCatcher\SCActiveBlock.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5de6867e-a466-c8f0-b794-a53fa1163f31}]
precisead - C:\WINDOWS\system32\nsl28.dll [2009-06-25 1269248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3185F83-1C0F-F0DC-3531-660C89ED2805}]
precisead browser enhancer - C:\WINDOWS\system32\xquubyhtpi.dll [2009-05-05 480256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-22 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"qayqekvptdm"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=G:\SysFiles\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13353754]
C:\Documents and Settings\All Users\Application Data\13353754\13353754.exe [2009-06-24 355877]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\93363746]
C:\Documents and Settings\All Users\Application Data\93363746\93363746.exe [2009-06-24 37413]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-12-31 2489280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cftmon]
C:\WINDOWS\system32\jfvh.exe [2004-08-04 350720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleaner]
C:\Program Files\RAM Riser\Cleaner.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoffeeTycoon_Setup.exe]
C:\DOCUME~1\Owner\Desktop\COFFEE~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 3400 Series\ezprint.exe [2007-06-25 82608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyMonitor]
C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe [2008-05-13 664904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LemonadeTycoon2Setup.exe]
C:\DOCUME~1\Owner\Desktop\LEMONA~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2007-06-25 291504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qayqekvptdm]
C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SchoolTycoonSetup.exe]
C:\DOCUME~1\Owner\Desktop\SCHOOL~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Free Desktop Clock\DesktopClock.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Steam\Steam.exe [2009-05-29 1217784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-22 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
C:\WINDOWS\system32\WService.EXE [2002-09-07 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
C:\Program Files\Ideazon\ZEngine\Zboard.exe [2008-11-12 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-04-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
C:\PROGRA~1\runit\runit_32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"usnjsvc"=3
"PnkBstrA"=2
"LightScribeService"=2
"Bonjour Service"=2
"AresChatServer"=3
"Apple Mobile Device"=2
"rpcapd"=3
"ose"=3
"MDM"=2
"IDriverT"=3
"CLTNetCnService"=2
"StyleXPService"=2
"NMIndexingService"=3
"JavaQuickStarterService"=2
"getPlus(R) Helper"=3
"WinTabService"=2
"gusvc"=2
"lxcy_device"=2
"PinnacleUpdateSvc"=2
"NetSvc"=3
"WUSB54GCSVC"=2
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoActiveDesktop"=00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\1168186712\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1168186712\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1168186712\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1168186712\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1168186712\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1168186712\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe"="C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe:*:Disabled:DriverMagic Utilities"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\Owner\Desktop\oa070\openarena-0.7.0\openarena.exe"="C:\Documents and Settings\Owner\Desktop\oa070\openarena-0.7.0\openarena.exe:*:Enabled:openarena"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Owner\Desktop\oa076\openarena-0.7.6\openarena.exe"="C:\Documents and Settings\Owner\Desktop\oa076\openarena-0.7.6\openarena.exe:*:Enabled:openarena"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Renegade\Game.exe"="C:\Program Files\Renegade\Game.exe:*:Enabled:Renegade"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\lxcycoms.exe"="C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\CCFile\ccfile.exe"="C:\Program Files\CCFile\ccfile.exe:*:Enabled:CCFile"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe"="C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:*:Enabled:FLYMonitor.exe"
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe"="C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:*:Enabled:FLYWorld.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ac9f98-0375-11de-8ae1-001d7e9d56c2}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{952d6634-441a-11de-a3d3-001d7e9d56c2}]
shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ae3500-2898-11de-88b0-001d7e9d56c2}]
shell\AutoRun\command - H:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2009-06-28 22:36:26 ----D---- C:\rsit
2009-06-27 15:25:21 ----A---- C:\WINDOWS\system32\CF11707.exe
2009-06-27 15:07:32 ----D---- C:\Program Files\Safer Networking
2009-06-26 10:50:32 ----A---- C:\WINDOWS\system32\fbaf0240-074b-776c-3074-9c352c24595f.exe
2009-06-25 15:52:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-25 09:12:00 ----A---- C:\WINDOWS\system32\nsl28.dll
2009-06-24 16:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\93363746
2009-06-24 16:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\13353754
2009-06-23 19:42:20 ----D---- C:\Program Files\Peggle
2009-06-23 19:18:03 ----A---- C:\WINDOWS\system32\vbymjozskdicaanun.exe
2009-06-23 19:17:08 ----AH---- C:\Documents and Settings\Owner\Application Data\RBShell555.dll
2009-06-23 19:17:08 ----AH---- C:\Documents and Settings\Owner\Application Data\RBRegEx550.dll
2009-06-23 19:16:14 ----A---- C:\WINDOWS\dhcr87834.exe
2009-06-23 19:16:10 ----A---- C:\WINDOWS\qijsh6724.exe
2009-06-23 19:16:08 ----A---- C:\WINDOWS\lids88065.exe
2009-06-23 19:16:00 ----A---- C:\WINDOWS\wrimm50128.exe
2009-06-23 19:15:59 ----A---- C:\WINDOWS\system32\winset.ini
2009-06-23 19:15:57 ----A---- C:\WINDOWS\febk7167.exe
2009-06-23 19:15:56 ----A---- C:\WINDOWS\kvad88233.exe
2009-06-23 19:15:55 ----A---- C:\WINDOWS\vguwe7074.exe
2009-06-23 19:15:52 ----A---- C:\WINDOWS\gvbb1767.exe
2009-06-23 19:15:43 ----A---- C:\WINDOWS\ikrvh20508.exe
2009-06-23 19:15:42 ----A---- C:\WINDOWS\henl37870.exe
2009-06-23 19:15:37 ----A---- C:\WINDOWS\ssrtm4133.exe
2009-06-23 19:15:25 ----A---- C:\WINDOWS\tfpdf3461.exe
2009-06-18 19:33:29 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2009-06-12 03:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 03:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-12 03:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 03:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 03:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 16:29:56 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
2009-06-11 16:17:32 ----D---- C:\Program Files\JRE
2009-06-11 16:17:08 ----D---- C:\Program Files\OpenOffice.org 3
2009-06-09 19:55:07 ----D---- C:\Program Files\MagicDVDRipper
2009-06-09 19:45:14 ----D---- C:\Program Files\Convert Genius
2009-06-09 19:41:48 ----D---- C:\Program Files\iPod
2009-06-09 19:41:23 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 19:38:06 ----D---- C:\Program Files\QuickTime
2009-06-04 16:52:06 ----D---- C:\Program Files\Convert VOB to AVI
2009-06-04 16:49:31 ----D---- C:\ConverterOutput
2009-06-04 16:48:28 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-06-04 16:48:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-06-04 16:48:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-06-04 16:48:23 ----D---- C:\Program Files\Cucusoft
2009-06-04 16:45:52 ----D---- C:\Program Files\Common Files\Common Share
2009-06-04 16:45:52 ----A---- C:\WINDOWS\system32\devil.dll
2009-06-04 16:45:52 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-06-04 16:45:49 ----D---- C:\Program Files\OJOsoft
2009-06-04 15:31:47 ----D---- C:\Program Files\DebugMode
2009-06-01 22:40:41 ----D---- C:\DVD
======List of files/folders modified in the last 1 months======
2009-06-28 22:26:45 ----D---- C:\WINDOWS\system32
2009-06-28 21:49:59 ----D---- C:\Documents and Settings\Owner\Application Data\.purple
2009-06-28 21:18:03 ----D---- C:\Program Files\Mozilla Firefox
2009-06-28 20:26:37 ----D---- C:\WINDOWS\Temp
2009-06-28 18:08:54 ----D---- C:\WINDOWS\Prefetch
2009-06-28 12:41:17 ----D---- C:\Program Files\Warcraft III
2009-06-28 12:20:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 12:19:33 ----D---- C:\WINDOWS\system32\ias
2009-06-27 21:34:09 ----SHD---- C:\WINDOWS\Installer
2009-06-27 21:34:09 ----HD---- C:\Config.Msi
2009-06-27 15:42:56 ----D---- C:\Program Files\Google
2009-06-27 15:42:55 ----SD---- C:\WINDOWS\Tasks
2009-06-27 15:41:36 ----RD---- C:\Program Files
2009-06-27 15:28:58 ----AD---- C:\WINDOWS
2009-06-27 15:26:55 ----D---- C:\Qoobox
2009-06-27 15:08:42 ----RSH---- C:\boot.ini
2009-06-27 13:27:32 ----D---- C:\HJT
2009-06-25 23:10:24 ----A---- C:\WINDOWS\win.ini
2009-06-25 23:10:24 ----A---- C:\WINDOWS\system.ini
2009-06-25 18:11:37 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2009-06-25 15:52:47 ----D---- C:\WINDOWS\system32\drivers
2009-06-24 15:51:29 ----A---- C:\WINDOWS\wininit.ini
2009-06-23 19:42:20 ----D---- C:\Program Files\BFG
2009-06-23 19:23:11 ----A---- C:\WINDOWS\DUMP8abb.tmp
2009-06-13 20:18:06 ----D---- C:\Program Files\lx_cats
2009-06-12 04:32:08 ----D---- C:\WINDOWS\pss
2009-06-12 04:29:31 ----HD---- C:\WINDOWS\inf
2009-06-12 03:39:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-12 03:39:26 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 03:39:17 ----D---- C:\Program Files\Internet Explorer
2009-06-12 03:38:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 16:19:40 ----RSD---- C:\WINDOWS\assembly
2009-06-11 16:17:56 ----RSD---- C:\WINDOWS\Fonts
2009-06-11 16:16:08 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-06-11 16:03:38 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2009-06-09 19:42:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-09 19:42:28 ----D---- C:\Program Files\iTunes
2009-06-09 19:41:18 ----D---- C:\Program Files\Common Files\Apple
2009-06-09 19:33:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-05 11:42:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-04 16:48:10 ----D---- C:\Program Files\Common Files\Download Manager
2009-06-04 16:45:52 ----RD---- C:\Program Files\Common Files
2009-06-03 20:53:19 ----D---- C:\Documents and Settings\Owner\Application Data\DVD Flick
2009-06-03 15:47:45 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-06-02 22:24:42 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-06-02 22:24:41 ----AC---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-12-31 24872]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-30 21419]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 kqemu;kqemu driver; \??\C:\WINDOWS\system32\drivers\kqemu.sys []
R3 Alpham1;Ideazon Merc USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-30 103360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 adexzxqs;adexzxqs; C:\WINDOWS\system32\drivers\adexzxqs.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-23 4025088]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 avcgbdr;Adaptec GameBridge AVC-14X0/15X0; C:\WINDOWS\system32\drivers\avcgbdr.sys [2005-09-26 125568]
S3 avcgbfl;Adaptec GameBridge AVC-14X0/15X0 Loader; C:\WINDOWS\System32\Drivers\avcgbfl.sys [2005-10-26 19712]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2008-05-13 18560]
S3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-06-04 513152]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-12-22 108003]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-22 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 537264]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe [2008-09-02 262144]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-16 66872]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S4 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2003-09-30 40960]
S4 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
-----------------EOF-----------------
info:
info.txt logfile of random's system information tool 1.06 2009-06-28 22:37:12
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
American McGee's Alice(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
AMVapp 2.1-->C:\Program Files\AMVapp-uninst.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
AudioEdit Deluxe-->"C:\Documents and Settings\All Users\Application Data\{05214387-BF52-4A03-93AE-FDBBFD1980ED}\setup_aed.exe" REMOVE=TRUE MODIFY=FALSE
AVI Joiner version 1.22-->"C:\Program Files\AVIJOINER\unins000.exe"
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}\setup_blazemp.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCFile 3.31-->"C:\Program Files\CCFile\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clive Barker's Undying(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}\setup.exe" -l0x9 Uninstall
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Convert Genius v3.0-->"C:\Program Files\Convert Genius\unins000.exe"
Convert VOB to AVI 1.7-->"C:\Program Files\Convert VOB to AVI\unins000.exe"
Curse Client-->C:\Program Files\Curse\uninstall.exe
DebugMode Wax 2.0-->"C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
Defraggler (remove only)-->"G:\SysFiles\Defraggler\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link VGA Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
DoISO-->MsiExec.exe /I{79EFF529-C306-41DC-81D9-17F181DF287A}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick 1.3.0.6-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD to VCD AVI DivX Converter v3.2 (build 069)-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Ext2 IFS 1.11a for Windows XP-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
FLY World-->C:\WINDOWS\system32\msiexec.exe /i {5D946D0D-9437-4E15-AC1F-F9BCF0B32561}
Fraps-->"C:\Program Files\Fraps\uninstall.exe"
Free FLV Converter V 6.23.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GIMP 2.6.3-->"F:\GimpPortable\GIMP-2.0\setup\unins000.exe"
GIMPshop .1 beta-->C:\Program Files\GIMPshop\uninst.exe
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Grand Theft Auto-->C:\WINDOWS\IsUninst.exe -f"c:\program files\gta\Uninst.isu"
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"H:\Windows\SysFiles\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
Insaniquarium Deluxe 1.0-->C:\WINDOWS\iun6002.exe "G:\INsaniquarium\irunin.ini"
Inside the SAT 2004 Deluxe-->C:\Program Files\The Learning Company\Inside the SAT 2004 Deluxe\uninstall.exe
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iTunes Alarm Clock 2.0-->"C:\Program Files\Alarm Clock\unins000.exe"
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lexmark 3400 Series-->C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"G:\SysFiles\Malwarebytes' Anti-Malware\unins000.exe"
Matrix-ks-->"C:\Program Files\KellySoftware\Matrix-ks\Uninstall.exe" "C:\Program Files\KellySoftware\Matrix-ks\install.log"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.8)-->G:\SysFiles\Firefox\uninstall\helper.exe
mpegable DS decoder-->C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
NetObjects Fusion Essentials-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files\NetObjects\NetObjects Fusion Essentials\uninst.dll"
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OJOsoft Total Video Converter-->"C:\Program Files\OJOsoft\OJOsoft Total Video Converter\unins000.exe"
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Peggle (remove only)-->C:\Program Files\Peggle\Uninstall.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pingus-->C:\Program Files\Pingus\Uninstall.exe
Pinnacle Game Profiler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setup.exe" -l0x9
PopCap Browser Plugin-->C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
Powerbullet Presenter-->"C:\Program Files\Powerbullet\unins000.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QEMU Accelerator Module 1.3.0pre11-->F:\Kqemu\uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Run It-->"C:\Program Files\runit\runitu_32.exe"
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
SeaMonkey (1.1.14)-->C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.14 (en)"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SolveigMM AVI Trimmer-->"C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe" "C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\install.log" -u
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"G:\SysFiles\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sumatra PDF reader-->"C:\Program Files\SumatraPDF\uninstall.exe"
TouchCopy-->MsiExec.exe /I{10B8A210-957C-4657-963F-78BE031A1E13}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Video Edit Magic 4.4-->"C:\Program Files\Deskshare\Video Edit Magic 4.4\unins000.exe"
Videora iPod Converter 4.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Virtual Villagers (remove only)-->G:\Elliott\Virtual Villagers\Uninstall.exe
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)-->C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\flyusb_ECE9FCB25A55FF8E782476B8116A3635CD5AD324\flyusb.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft iPod Rip-->C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe
YASA MP4 Video Converter v3.2 (build 0051)-->C:\PROGRA~1\YASAMP~1\UNWISE.EXE C:\PROGRA~1\YASAMP~1\INSTALL.LOG
Z Engine-->MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======System event log======
Computer Name: MASTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.
Record Number: 185179
Source Name: Disk
Time Written: 20090515153120.000000-240
Event Type: warning
User:
Computer Name: MASTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.
Record Number: 185178
Source Name: Disk
Time Written: 20090515153120.000000-240
Event Type: warning
User:
Computer Name: MASTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.
Record Number: 185177
Source Name: Disk
Time Written: 20090515153120.000000-240
Event Type: warning
User:
Computer Name: MASTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.
Record Number: 185176
Source Name: Disk
Time Written: 20090515153120.000000-240
Event Type: warning
User:
Computer Name: MASTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.
Record Number: 185175
Source Name: Disk
Time Written: 20090515153119.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: MASTER
Event Code: 1517
Message: Windows saved user MASTER\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 128
Source Name: Userenv
Time Written: 20090219075140.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MASTER
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 127
Source Name: Application Hang
Time Written: 20090218224732.000000-300
Event Type: error
User:
Computer Name: MASTER
Event Code: 1517
Message: Windows saved user MASTER\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 121
Source Name: Userenv
Time Written: 20090218163220.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MASTER
Event Code: 1002
Message: Hanging application SDUpdate.exe, version 1.6.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 94
Source Name: Application Hang
Time Written: 20090216173308.000000-300
Event Type: error
User:
Computer Name: MASTER
Event Code: 1517
Message: Windows saved user MASTER\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 79
Source Name: Userenv
Time Written: 20090215153700.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
gmer:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 05:46:17
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
INT 0x62 ? 837DABF8
INT 0x63 ? 83673BF8
INT 0x82 ? 837DABF8
INT 0x83 ? 83673BF8
INT 0x83 ? 83673BF8
INT 0xB4 ? 83673BF8
Code 832E2A78 ZwEnumerateKey
Code 832B93D8 ZwFlushInstructionCache
Code 832B41D6 IofCallDriver
Code 833172B6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 832B41DB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 833172BB
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 832E2A7C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 832B93DC
? spaf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F826262C 5 Bytes JMP 836731D8
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\iPod\bin\iPodService.exe[172] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0072000A
.text C:\Program Files\Internet Explorer\iexplore.exe[636] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 09AF6CA0 C:\WINDOWS\system32\xquubyhtpi.dll
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0076000A
.text C:\WINDOWS\System32\regsvr32.exe[1384] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008D000A
.text C:\WINDOWS\System32\svchost.exe[1556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0076000A
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 837DC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8609C4C] spaf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8609CA0] spaf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F85D9040] spaf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F85D913C] spaf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F85D90BE] spaf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F85D97FC] spaf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F85D96D2] spaf.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 836732D8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 837691F8
Device \FileSystem\Fastfat \FatCdrom 8325F500
Device \Driver\usbuhci \Device\USBPDO-0 8363C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8363C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8363C1F8
Device \Driver\usbehci \Device\USBPDO-3 8361A1F8
Device \Driver\PCI_PNP0458 \Device\00000061 spaf.sys
Device \Driver\PCI_PNP0458 \Device\00000061 spaf.sys
Device \Driver\Ftdisk \Device\HarddiskVolume3 8376B1F8
Device \Driver\atapi \Device\Ide\IdePort0 837DA1F8
Device \Driver\atapi \Device\Ide\IdePort1 837DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 837DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 837DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 837DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 837DA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8376B1F8
Device \Driver\USBSTOR \Device\00000080 83269500
Device \Driver\Ftdisk \Device\HarddiskVolume5 8376B1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8327F1F8
Device \Driver\NetBT \Device\NetbiosSmb 8327F1F8
Device \Driver\sptd \Device\104465458 spaf.sys
Device \Driver\usbuhci \Device\USBFDO-0 8363C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8363C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8326E1F8
Device \Driver\usbuhci \Device\USBFDO-2 8363C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8326E1F8
Device \Driver\usbehci \Device\USBFDO-3 8361A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7F1DF7F-E8B9-47BE-A932-D4967F82D1D6} 8327F1F8
Device \Driver\Ftdisk \Device\FtControl 8376B1F8
Device \Driver\USBSTOR \Device\0000007e 83269500
Device \Driver\adexzxqs \Device\Scsi\adexzxqs1Port2Path0Target0Lun0 835AA500
Device \Driver\adexzxqs \Device\Scsi\adexzxqs1 835AA500
Device \FileSystem\Fastfat \Fat 8325F500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs FFB2A1F8
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [172] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [196] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [636] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [724] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [768] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [780] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1032] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [1104] 0x003E0000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1152] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1188] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1316] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\System32\regsvr32.exe [1384] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1432] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1556] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1716] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1844] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1852] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1984] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (*** hidden *** ) @ C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe [2144] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [DISABLED] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETnkdmqptn.sys (*** hidden *** ) [SYSTEM] SKYNETltewsqoe <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe@imagepath \systemroot\system32\drivers\SKYNETnkdmqptn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main@aid 10038
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETnkdmqptn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules@SKYNETcmd.dll \systemroot\system32\SKYNETiorjolwo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules@SKYNETlog.dat \systemroot\system32\SKYNETfwmmkklr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxdupxfqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETltewsqoe\modules@SKYNET.dat \systemroot\system32\SKYNETxcmhgapj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4E 0xFC 0x57 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x72 0x16 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x6C 0x99 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4E 0xFC 0x57 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x72 0x16 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x6C 0x99 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe@imagepath \systemroot\system32\drivers\SKYNETnkdmqptn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main@aid 10038
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETnkdmqptn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules@SKYNETcmd.dll \systemroot\system32\SKYNETiorjolwo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules@SKYNETlog.dat \systemroot\system32\SKYNETfwmmkklr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxdupxfqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETltewsqoe\modules@SKYNET.dat \systemroot\system32\SKYNETxcmhgapj.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4E 0xFC 0x57 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x65 0x72 0x16 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x6C 0x99 0x5F ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\vh[3].htm 273 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\CA76KF3H.htm 1719 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\imp[14].com%2Fservlet%2Fajrotator%2F23%2F0%2Fvh%3Fz%3Dast%26ch%3D1866%26dim%3D7&r=0 1470 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[42] 4382 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[45] 4379 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[46] 4382 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[47] 4403 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[48] 4399 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[49] 4381 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2OMKFV61\st[50] 4390 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3TMH9UJU\imp[28].com%2Fservlet%2Fajrotator%2F23%2F0%2Fvh%3Fz%3Dast%26ch%3D1867%26dim%3D3&r=0 1475 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3TMH9UJU\imp[13].com%2Fservlet%2Fajrotator%2F23%2F0%2Fvh%3Fz%3Dast%26ch%3D1839%26dim%3D4&r=0 357 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3TMH9UJU\CAC96RMN.htm 1416 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3TMH9UJU\CAEJOHQ7.htm 1717 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3TMH9UJU\CAQLKLE7.htm 883 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OAT3A79I\vh[10].htm 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OAT3A79I\imp[21].com%2Fservlet%2Fajrotator%2F23%2F0%2Fvh%3Fz%3Dast%26ch%3D1867%26dim%3D3&r=0 770 bytes
File C:\WINDOWS\system32\drivers\SKYNETnkdmqptn.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\SKYNETfwmmkklr.dat 49861 bytes
File C:\WINDOWS\system32\SKYNETiorjolwo.dll 44032 bytes executable
File C:\WINDOWS\system32\SKYNETxcmhgapj.dat 93 bytes
File C:\WINDOWS\system32\SKYNETxdupxfqp.dll 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETfeieivirdc.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETixgopeqjrl.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjhtubcgtcs.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkypxdfwoqo.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETlrnqdecbqp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETltisrrvdxk.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETmkpjkmmafk.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETnqwmcoftov.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETpyxuiddvra.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETqmentmbpfr.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETrnfxlepvmy.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETrxpullilbs.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETsitkvnptys.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsnlmqeyepv.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETspwxsvoqsn.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtkosvwivtv.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETvhktvoigab.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETxynexnisec.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETywiddncnct.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETyxxtcrveec.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbgqilvkocm.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbputochufg.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETbrrrlhpyui.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcpwtexobqg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdwbyvqfmoi.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETejixrancki.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETengtbymdwq.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETeooxwqftox.tmp 20992 bytes executable
---- EOF - GMER 1.0.15 ----
Step 1
Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click >>> HERE <<< (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.
----------------------------------------------------------------------------------------
Step 2
Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------
Step 3
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
MalwareBytes Log
Combofix Log
How are things running now ?
---------------------------------------------------------------------------------------------------
Additional Notes
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )
Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)
combofix:
ComboFix 09-06-29.02 - Owner 06/29/2009 17:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.296 [GMT -4:00]
Running from: h:\windows\Apps\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\Microsoft\profile.dat
C:\Documents
c:\windows\gvbb1767.exe
c:\windows\lids88065.exe
c:\windows\S.exe
c:\windows\ssrtm4133.exe
c:\windows\system32\drivers\SKYNETnkdmqptn.sys
c:\windows\system32\ebkbccjg.ini
c:\windows\system32\fbaf0240-074b-776c-3074-9c352c24595f.exe
c:\windows\system32\fowpjfvi.ini
c:\windows\system32\hhwygmst.ini
c:\windows\system32\qpqss.tmp2
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SKYNETfwmmkklr.dat
c:\windows\system32\SKYNETiorjolwo.dll
c:\windows\system32\SKYNETxcmhgapj.dat
c:\windows\system32\SKYNETxdupxfqp.dll
c:\windows\system32\vbymjozskdicaanun.exe
c:\windows\system32\wservice.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETltewsqoe
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-29 21:38 . 2009-06-29 21:38 -------- d-sh--w- C:\found.000
2009-06-29 02:36 . 2009-06-29 02:37 -------- d-----w- C:\rsit
2009-06-27 19:07 . 2009-06-27 19:07 -------- d-----w- c:\program files\Safer Networking
2009-06-24 20:40 . 2009-06-29 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\93363746
2009-06-24 20:40 . 2009-06-29 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\13353754
2009-06-23 23:42 . 2009-06-23 23:44 -------- d-----w- c:\program files\Peggle
2009-06-23 23:17 . 2009-06-23 23:20 73728 ---ha-w- c:\documents and settings\Owner\Application Data\RBRegEx550.dll
2009-06-23 23:17 . 2009-06-23 23:20 39936 ---ha-w- c:\documents and settings\Owner\Application Data\RBShell555.dll
2009-06-23 23:16 . 2009-06-23 23:16 138752 ----a-w- c:\windows\dhcr87834.exe
2009-06-23 23:16 . 2009-06-23 23:16 138752 ----a-w- c:\windows\wrimm50128.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\febk7167.exe
2009-06-23 23:15 . 2009-06-23 23:15 138752 ----a-w- c:\windows\kvad88233.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\henl37870.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\tfpdf3461.exe
2009-06-18 23:33 . 2009-06-18 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-06-11 20:30 . 2009-06-17 01:34 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 20:29 . 2009-06-11 20:29 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\JRE
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-09 23:55 . 2009-06-09 23:55 -------- d-----w- c:\program files\MagicDVDRipper
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\program files\Convert Genius
2009-06-09 23:41 . 2009-06-09 23:41 -------- d-----w- c:\program files\iPod
2009-06-09 23:41 . 2009-06-09 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 23:38 . 2009-06-09 23:38 -------- d-----w- c:\program files\QuickTime
2009-06-09 23:30 . 2009-06-09 23:30 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 20:52 . 2009-06-04 20:52 -------- d-----w- c:\program files\Convert VOB to AVI
2009-06-04 20:49 . 2009-06-04 20:49 -------- d-----w- C:\ConverterOutput
2009-06-04 20:48 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-04 20:48 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-04 20:48 . 2009-06-04 20:48 -------- d-----w- c:\program files\Cucusoft
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\Common Files\Common Share
2009-06-04 20:45 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-06-04 20:45 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\OJOsoft
2009-06-04 19:31 . 2009-06-04 19:32 -------- d-----w- c:\program files\DebugMode
2009-06-02 02:40 . 2009-06-03 19:48 -------- d-----w- C:\DVD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 20:22 . 2009-01-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:21 . 2009-01-15 04:10 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-29 20:00 . 2007-01-07 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 19:57 . 2008-08-10 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-28 16:41 . 2007-07-27 12:56 -------- d-----w- c:\program files\Warcraft III
2009-06-28 16:18 . 2009-02-11 21:57 -------- d-----w- c:\program files\Google
2009-06-25 22:11 . 2008-08-10 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-23 23:42 . 2007-03-17 19:55 -------- d-----w- c:\program files\BFG
2009-06-23 23:23 . 2007-01-06 18:41 98304 ----a-w- c:\windows\DUMP8abb.tmp
2009-06-17 15:27 . 2009-01-15 04:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-01-15 04:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 00:18 . 2009-03-16 21:52 -------- d-----w- c:\program files\lx_cats
2009-06-12 08:45 . 2007-01-07 01:49 64336 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-10-01 00:50 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-06-11 20:03 . 2007-10-16 10:53 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-06-11 19:59 . 2007-10-16 10:55 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-09 23:42 . 2008-09-28 22:25 -------- d-----w- c:\program files\iTunes
2009-06-09 23:41 . 2008-01-18 00:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 15:42 . 2008-09-09 23:17 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-01-18 00:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 20:48 . 2007-07-13 16:44 -------- d-----w- c:\program files\Common Files\Download Manager
2009-06-04 00:53 . 2009-02-24 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\DVD Flick
2009-05-12 02:45 . 2007-02-26 03:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 02:37 . 2009-05-12 02:37 -------- d-----w- c:\program files\YouTube Downloader
2009-05-07 15:44 . 2009-02-28 09:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-04 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:50 . 2007-01-07 03:04 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 15:35 . 2008-06-19 20:06 119296 ----a-w- c:\windows\system32\zlib.dll
2009-04-19 17:32 . 2009-04-19 17:32 8854 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-19 00:44 . 2009-04-18 22:58 1026 ----a-w- C:\logfile.dat
2009-04-17 09:58 . 2009-02-28 09:55 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-18 01:33 . 2008-12-18 01:39 3139872 ----a-w- c:\program files\video.flv
2008-07-13 14:05 . 2008-07-13 14:05 58652 ----a-w- c:\program files\AMVapp-uninst.exe
2005-01-21 15:53 . 2007-07-30 04:22 45056 ------r- c:\program files\SetAttrib.exe
2004-11-30 22:23 . 2007-07-30 04:22 40960 ------r- c:\program files\delete.exe
2007-11-15 19:05 . 2008-03-13 19:11 89088 ----a-w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 19:05 . 2008-03-13 19:11 53248 ----a-w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 19:05 . 2008-03-13 19:11 499712 ----a-w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 19:05 . 2008-03-13 19:11 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 19:05 . 2008-03-13 19:11 110592 ----a-w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 19:05 . 2008-03-13 19:11 114688 ----a-w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 19:05 . 2008-03-13 19:11 106496 ----a-w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 19:05 . 2008-03-13 19:11 229376 ----a-w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 19:05 . 2008-03-13 19:11 196608 ----a-w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 19:05 . 2008-03-13 19:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2007-10-18 01:50 . 2007-10-11 18:32 88 --sh--r- c:\windows\system32\4E2CAE1B1E.sys
2007-10-18 01:50 . 2007-10-11 10:48 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-4 3450608]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"StyleXPService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"WinTabService"=2 (0x2)
"gusvc"=2 (0x2)
"lxcy_device"=2 (0x2)
"PinnacleUpdateSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"WUSB54GCSVC"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CoffeeTycoon_Setup.exe"=c:\docume~1\Owner\Desktop\COFFEE~1.EXE /r
"LemonadeTycoon2Setup.exe"=c:\docume~1\Owner\Desktop\LEMONA~1.EXE /r
"SchoolTycoonSetup.exe"=c:\docume~1\Owner\Desktop\SCHOOL~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCYCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\CCFile\\ccfile.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"111:TCP"= 111:TCP:*:Disabled:fghfgh
"5000:TCP"= 5000:TCP:TCP Port 5000
"22119:TCP"= 22119:TCP:BitComet 22119 TCP
"22119:UDP"= 22119:UDP:BitComet 22119 UDP
"135:TCP"= 135:TCP:TCP Port 135
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [11/15/2007 6:43 AM 15872]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [3/26/2009 6:53 PM 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [3/26/2009 6:53 PM 51072]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [2/6/2007 5:02 PM 123939]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/28/2007 11:06 PM 16512]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/18/2009 6:58 PM 18560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/26/2008 1:23 PM 33752]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZN
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myspace.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 17:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3748)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-29 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-29 21:52
Pre-Run: 22,841,077,760 bytes free
Post-Run: 22,922,145,792 bytes free
271 --- E O F --- 2009-06-28 01:34
Malwarebytes' Anti-Malware 1.38
Database version: 2352
Windows 5.1.2600 Service Pack 2
6/29/2009 5:04:32 PM
mbam-log-2009-06-29 (17-04-27).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 204317
Time elapsed: 40 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (Trojan.TDSS) -> No action taken.
C:\program files\mozilla firefox\components\7a5ae556-f761-d029-d79c-3bbb8bc4107b.dll (Adware.Yoog) -> No action taken.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5de6867e-a466-c8f0-b794-a53fa1163f31} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5de6867e-a466-c8f0-b794-a53fa1163f31} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3185f83-1c0f-f0dc-3531-660c89ed2805} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d3185f83-1c0f-f0dc-3531-660c89ed2805} (Adware.BHO) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qayqekvptdm (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\SKYNETxdupxfqp.dll (Trojan.TDSS) -> No action taken.
c:\documents and settings\all users\application data\13353754\13353754.exe (Rogue.Installer) -> No action taken.
c:\documents and settings\all users\application data\93363746\93363746.exe (Rogue.Installer) -> No action taken.
c:\WINDOWS\ikrvh20508.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\qijsh6724.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\vguwe7074.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\jfvh.exe (Trojan.Agent) -> No action taken.
c:\program files\mozilla firefox\components\7a5ae556-f761-d029-d79c-3bbb8bc4107b.dll (Adware.Yoog) -> No action taken.
C:\WINDOWS\system32\xquubyhtpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nsl28.dll (Adware.BHO) -> No action taken.
^ I forgot to delete, so I am rerunning Malwarebytes to scan/remove
Information
Do you know why you have all those open ports on your machine ?
----------------------------------------------------------------------------------------
Step 1
Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total
Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the following file path into the window
c:\windows\system32\drivers\kqemu.sys
Click Submit/Send File
Please post back, to let me know the results.
Please do the same for the following files
c:\windows\system32\drivers\vburner.sys
c:\windows\dhcr87834.exe
c:\windows\febk7167.exe
c:\windows\kvad88233.exe
If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)
----------------------------------------------------------------------------------------
Step 2
Recovery Console
!!!!!! Warning !!!!!!.... Your log shows that Recovery Console is not installed.
Due to the threat that current and future malware poses it is vital that you have some form of recovery console.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System - (SP3 Users should download the SP2 pack)
Windows XP Home Edition SP2
http://i51.photobucket.com/albums/f387/Katana_1970/KB310994.gif
Download the file & save it as it's originally named, next to ComboFix.exe.
http://i51.photobucket.com/albums/f387/Katana_1970/rc1.gif
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
----------------------------------------------------------------------------------------
Step 3
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
http://forums.spybot.info/showthread.php?p=320166#post320166
Suspect::
c:\windows\system32\drivers\kqemu.sys
c:\windows\system32\drivers\vburner.sys
c:\windows\dhcr87834.exe
c:\windows\febk7167.exe
c:\windows\kvad88233.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\runit_32.lnk
Folder::
c:\documents and settings\All Users\Application Data\93363746
c:\documents and settings\All Users\Application Data\13353754
File::
c:\windows\dhcr87834.exe
c:\windows\wrimm50128.exe
c:\windows\febk7167.exe
c:\windows\kvad88233.exe
c:\windows\henl37870.exe
c:\windows\tfpdf3461.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"111:TCP"=-
"5000:TCP"=-
"22119:TCP"=-
"22119:UDP"=-
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
----------------------------------------------------------------------------------------
Step 4
Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Virus Total Reports
Combofix Log
Kaspersky Log
How are things running now ?
Sorry I haven't replied, I have been swamped with work. The ads have stopped, I will still follow through with your instructions, I just need to finish up some stuff.
Thank you for spending some time on this.
Here are the files that reported anything, the rest had nothing attached to them. Kqemu is a thing I used when I used Wubi ( Linux via windows installation ).
Here is the first one..
File kvad88233.exe received on 2009.07.03 18:40:39 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.03 Trojan-Dropper!IK
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.03 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.03 Dropper.Generic.ARLY
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.03 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.03 Trojan-Dropper
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5665 2009.07.03 -
McAfee+Artemis 5665 2009.07.03 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.LooksLike.Trojan.Buzus.H
Microsoft 1.4803 2009.07.03 -
NOD32 4213 2009.07.03 a variant of Win32/Injector.RG
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.138752.AB
Panda 10.0.0.14 2009.07.03 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 Medium Risk Malware
Rising 21.36.44.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 Mal/Generic-A
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 BScope.Trojan-Dropper.Pict.62314
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
Additional information
File size: 138752 bytes
MD5...: cc8e5909a46fc84dd0e035395f294aaa
SHA1..: 19bb1b50253befcd36c720376d90a16458f276dd
SHA256: 7ed81c21afd9745d2218a47c19b0a428878e4e88ed7e8008b4e893564028b5aa
ssdeep: 3072:Vgnia6r1Ad+PoayqtYFSr9t1wAMXA51qRkmOn1YsrbZ:Vgnifloayqth5jwAN51ekmPsx
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x65d8
timedatestamp.....: 0x4a3512e5 (Sun Jun 14 15:10:29 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5764 0x5800 5.45 15d6b97bccf95fe6818618c2e1d26cfc
.rdata 0x7000 0x7e2 0x800 5.12 12146d57c33d5aa20e216efac8b062c7
.data 0x8000 0x778 0x400 5.40 2961ed1a4aac8c7448119604252e6f41
.rsrc 0x9000 0x1b580 0x1b600 7.96 9974a28c83ac9111e6bccea428ce6f39
( 5 imports )
> KERNEL32.dll: ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress, GetTimeFormatA, CreateThread, Sleep, VirtualAlloc, VirtualQueryEx, GetStartupInfoA
> USER32.dll: DestroyWindow, GetSystemMetrics, RegisterClassA, LoadCursorA, PostQuitMessage, CreateWindowExA, SetDlgItemTextA, GetWindowRect, LoadIconA, MessageBoxA, LoadImageA, ReleaseDC, GetDCEx, WaitMessage, DispatchMessageA, TranslateMessage, PeekMessageA, ShowWindow, DefWindowProcA, UpdateWindow, SetFocus
> GDI32.dll: CreateCompatibleBitmap, CreateRectRgnIndirect, DeleteObject, GetStockObject, GetObjectA
> MSVCP60.dll: __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z
> MSVCRT.dll: sprintf, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, atoi, memmove, memset, malloc, getenv, memcpy, __2@YAPAXI@Z, _except_handler3, rand, strlen, _controlfp
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DBBD277900ABE2841EF502B9FCB6B000760EC51D
File febk7167.exe received on 2009.07.03 18:37:04 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.03 Trojan-Dropper.Agent!IK
AhnLab-V3 5.0.0.2 2009.07.03 Win-Trojan/Clicker.93696
AntiVir 7.9.0.204 2009.07.03 TR/Click.MSH.4
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.03 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.03 Clicker.ZZJ
BitDefender 7.2 2009.07.03 Trojan.Clicker.MSH
CAT-QuickHeal 10.00 2009.07.03 Trojan.Agent2.fbd
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 Win32.TrojanClicker
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 PossibleThreat
GData 19 2009.07.03 Trojan.Clicker.MSH
Ikarus T3.1.1.64.0 2009.07.03 Trojan-Dropper.Agent
Jiangmin 11.0.706 2009.07.03 Trojan/Agent.cdmt
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.03 Heur.Trojan.Generic
McAfee 5665 2009.07.03 Generic.dx!kg
McAfee+Artemis 5665 2009.07.03 Generic.dx!kg
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.LooksLike.Trojan.Click.H
Microsoft 1.4803 2009.07.03 -
NOD32 4213 2009.07.03 Win32/TrojanClicker.Delf.NFT
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 Trojan-Clicker/W32.Agent.93696
Panda 10.0.0.14 2009.07.03 Generic Trojan
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 High Risk Cloaked Malware
Rising 21.36.44.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.07.02 Trojan-Clicker.MSH
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 TROJ_CLICKER.KE
VBA32 3.12.10.7 2009.07.03 Win32.TrojanClicker.Delf.NFT
ViRobot 2009.7.3.1818 2009.07.03 Trojan.Win32.Agent.93696.H
VirusBuster 4.6.5.0 2009.07.03 -
Additional information
File size: 93696 bytes
MD5...: 87f8ccea5e2a689bf14b84094bcd4ca5
SHA1..: a68c0d3721e2e0308ec195354c12c75ef3d1fd62
SHA256: 8ca46f158a72a8a681d5538517caa157541bb7d27a5936b16dbaa62cb651a62c
ssdeep: 1536:faVuIwx3KYqTlJVx1qM4/43PAt1rlTByi:faVuR4BxJL13kwPAt1rlty
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x14250
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12148 0x12200 6.54 f7d65922c757fcd8017ce5cd002b5697
.itext 0x14000 0x304 0x400 4.97 6c8ff2c83834b1a45d69a710a6b1f984
.data 0x15000 0xc88 0xe00 2.32 7be78e492c3c629991cfdce25b6163d9
.bss 0x16000 0x32e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1a000 0xa2a 0xc00 4.42 92d009dd41efae282e8b4fb4f56189b0
.tls 0x1b000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1c000 0x18 0x200 0.20 327f5cc76968e5de7ebbacb62224fab2
.reloc 0x1d000 0x16a0 0x1800 6.53 c70e98601345ecaeac4ab19d08fe57eb
.rsrc 0x1f000 0x1000 0x1000 3.67 25a762d318dfe61df521633cc3c8f77f
( 10 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: WriteFile, VirtualQuery, Sleep, MultiByteToWideChar, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetDiskFreeSpaceA, GetDateFormatA, GetCPInfo, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CompareStringA
> oleaut32.dll: GetErrorInfo, SysFreeString
> ole32.dll: CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7A52783100ED9C166E230114EAD037008826D8B6
Last one...
File dhcr87834.exe received on 2009.07.03 18:34:22 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.03 Trojan-Dropper!IK
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.03 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.03 Dropper.Generic.ARLY
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.03 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.03 Trojan-Dropper
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5665 2009.07.03 -
McAfee+Artemis 5665 2009.07.03 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.LooksLike.Trojan.Buzus.H
Microsoft 1.4803 2009.07.03 -
NOD32 4213 2009.07.03 a variant of Win32/Injector.RG
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.138752.AB
Panda 10.0.0.14 2009.07.03 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 Medium Risk Malware
Rising 21.36.44.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 BScope.Trojan-Dropper.Pict.62314
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
Additional information
File size: 138752 bytes
MD5...: cc8e5909a46fc84dd0e035395f294aaa
SHA1..: 19bb1b50253befcd36c720376d90a16458f276dd
SHA256: 7ed81c21afd9745d2218a47c19b0a428878e4e88ed7e8008b4e893564028b5aa
ssdeep: 3072:Vgnia6r1Ad+PoayqtYFSr9t1wAMXA51qRkmOn1YsrbZ:Vgnifloayqth5jwAN51ekmPsx
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x65d8
timedatestamp.....: 0x4a3512e5 (Sun Jun 14 15:10:29 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5764 0x5800 5.45 15d6b97bccf95fe6818618c2e1d26cfc
.rdata 0x7000 0x7e2 0x800 5.12 12146d57c33d5aa20e216efac8b062c7
.data 0x8000 0x778 0x400 5.40 2961ed1a4aac8c7448119604252e6f41
.rsrc 0x9000 0x1b580 0x1b600 7.96 9974a28c83ac9111e6bccea428ce6f39
( 5 imports )
> KERNEL32.dll: ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress, GetTimeFormatA, CreateThread, Sleep, VirtualAlloc, VirtualQueryEx, GetStartupInfoA
> USER32.dll: DestroyWindow, GetSystemMetrics, RegisterClassA, LoadCursorA, PostQuitMessage, CreateWindowExA, SetDlgItemTextA, GetWindowRect, LoadIconA, MessageBoxA, LoadImageA, ReleaseDC, GetDCEx, WaitMessage, DispatchMessageA, TranslateMessage, PeekMessageA, ShowWindow, DefWindowProcA, UpdateWindow, SetFocus
> GDI32.dll: CreateCompatibleBitmap, CreateRectRgnIndirect, DeleteObject, GetStockObject, GetObjectA
> MSVCP60.dll: __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z
> MSVCRT.dll: sprintf, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, atoi, memmove, memset, malloc, getenv, memcpy, __2@YAPAXI@Z, _except_handler3, rand, strlen, _controlfp
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DBBD277900ABE2841EF502B9FCB6B000760EC51D
I installed Windows Recovery Console, I hope it didn't ruin my boot menu (I dual boot Ubuntu, I hope it's OK).
Combofix Log:
ComboFix 09-07-02.03 - Owner 07/03/2009 14:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.258 [GMT -4:00]
Running from: h:\windows\Apps\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-06-29 21:38 . 2009-06-29 21:38 -------- d-sh--w- C:\found.000
2009-06-29 02:36 . 2009-06-29 02:37 -------- d-----w- C:\rsit
2009-06-27 19:07 . 2009-06-27 19:07 -------- d-----w- c:\program files\Safer Networking
2009-06-24 20:40 . 2009-06-29 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\93363746
2009-06-24 20:40 . 2009-06-29 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\13353754
2009-06-23 23:42 . 2009-06-23 23:44 -------- d-----w- c:\program files\Peggle
2009-06-23 23:17 . 2009-06-23 23:20 73728 ---ha-w- c:\documents and settings\Owner\Application Data\RBRegEx550.dll
2009-06-23 23:17 . 2009-06-23 23:20 39936 ---ha-w- c:\documents and settings\Owner\Application Data\RBShell555.dll
2009-06-23 23:16 . 2009-06-23 23:16 138752 ----a-w- c:\windows\dhcr87834.exe
2009-06-23 23:16 . 2009-06-23 23:16 138752 ----a-w- c:\windows\wrimm50128.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\febk7167.exe
2009-06-23 23:15 . 2009-06-23 23:15 138752 ----a-w- c:\windows\kvad88233.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\henl37870.exe
2009-06-23 23:15 . 2009-06-23 23:15 93696 ----a-w- c:\windows\tfpdf3461.exe
2009-06-18 23:33 . 2009-06-18 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-06-11 20:30 . 2009-06-17 01:34 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 20:29 . 2009-06-11 20:29 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\JRE
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-09 23:55 . 2009-06-09 23:55 -------- d-----w- c:\program files\MagicDVDRipper
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\program files\Convert Genius
2009-06-09 23:41 . 2009-06-09 23:41 -------- d-----w- c:\program files\iPod
2009-06-09 23:41 . 2009-06-09 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 23:38 . 2009-06-09 23:38 -------- d-----w- c:\program files\QuickTime
2009-06-09 23:30 . 2009-06-09 23:30 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 20:52 . 2009-06-04 20:52 -------- d-----w- c:\program files\Convert VOB to AVI
2009-06-04 20:49 . 2009-06-04 20:49 -------- d-----w- C:\ConverterOutput
2009-06-04 20:48 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-04 20:48 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-04 20:48 . 2009-06-04 20:48 -------- d-----w- c:\program files\Cucusoft
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\Common Files\Common Share
2009-06-04 20:45 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-06-04 20:45 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\OJOsoft
2009-06-04 19:31 . 2009-06-04 19:32 -------- d-----w- c:\program files\DebugMode
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 23:38 . 2008-08-10 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-30 19:28 . 2007-07-27 12:56 -------- d-----w- c:\program files\Warcraft III
2009-06-29 20:22 . 2009-01-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:21 . 2009-01-15 04:10 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-29 20:00 . 2007-01-07 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 16:18 . 2009-02-11 21:57 -------- d-----w- c:\program files\Google
2009-06-25 22:11 . 2008-08-10 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-23 23:42 . 2007-03-17 19:55 -------- d-----w- c:\program files\BFG
2009-06-23 23:23 . 2007-01-06 18:41 98304 ----a-w- c:\windows\DUMP8abb.tmp
2009-06-17 15:27 . 2009-01-15 04:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-01-15 04:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 00:18 . 2009-03-16 21:52 -------- d-----w- c:\program files\lx_cats
2009-06-12 08:45 . 2007-01-07 01:49 64336 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-10-01 00:50 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-06-11 20:03 . 2007-10-16 10:53 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-06-11 19:59 . 2007-10-16 10:55 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-09 23:42 . 2008-09-28 22:25 -------- d-----w- c:\program files\iTunes
2009-06-09 23:41 . 2008-01-18 00:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 15:42 . 2008-09-09 23:17 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-01-18 00:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 20:48 . 2007-07-13 16:44 -------- d-----w- c:\program files\Common Files\Download Manager
2009-06-04 00:53 . 2009-02-24 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\DVD Flick
2009-05-12 02:45 . 2007-02-26 03:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 02:37 . 2009-05-12 02:37 -------- d-----w- c:\program files\YouTube Downloader
2009-05-07 15:44 . 2009-02-28 09:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-04 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:50 . 2007-01-07 03:04 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 15:35 . 2008-06-19 20:06 119296 ----a-w- c:\windows\system32\zlib.dll
2009-04-19 17:32 . 2009-04-19 17:32 8854 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-19 00:44 . 2009-04-18 22:58 1026 ----a-w- C:\logfile.dat
2009-04-17 09:58 . 2009-02-28 09:55 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-18 01:33 . 2008-12-18 01:39 3139872 ----a-w- c:\program files\video.flv
2008-07-13 14:05 . 2008-07-13 14:05 58652 ----a-w- c:\program files\AMVapp-uninst.exe
2005-01-21 15:53 . 2007-07-30 04:22 45056 ------r- c:\program files\SetAttrib.exe
2004-11-30 22:23 . 2007-07-30 04:22 40960 ------r- c:\program files\delete.exe
2007-11-15 19:05 . 2008-03-13 19:11 89088 ----a-w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 19:05 . 2008-03-13 19:11 53248 ----a-w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 19:05 . 2008-03-13 19:11 499712 ----a-w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 19:05 . 2008-03-13 19:11 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 19:05 . 2008-03-13 19:11 110592 ----a-w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 19:05 . 2008-03-13 19:11 114688 ----a-w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 19:05 . 2008-03-13 19:11 106496 ----a-w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 19:05 . 2008-03-13 19:11 229376 ----a-w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 19:05 . 2008-03-13 19:11 196608 ----a-w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 19:05 . 2008-03-13 19:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2007-10-18 01:50 . 2007-10-11 18:32 88 --sh--r- c:\windows\system32\4E2CAE1B1E.sys
2007-10-18 01:50 . 2007-10-11 10:48 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-29_21.43.50 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-4 3450608]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"StyleXPService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"WinTabService"=2 (0x2)
"gusvc"=2 (0x2)
"lxcy_device"=2 (0x2)
"PinnacleUpdateSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"WUSB54GCSVC"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CoffeeTycoon_Setup.exe"=c:\docume~1\Owner\Desktop\COFFEE~1.EXE /r
"LemonadeTycoon2Setup.exe"=c:\docume~1\Owner\Desktop\LEMONA~1.EXE /r
"SchoolTycoonSetup.exe"=c:\docume~1\Owner\Desktop\SCHOOL~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCYCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\CCFile\\ccfile.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"111:TCP"= 111:TCP:*:Disabled:fghfgh
"5000:TCP"= 5000:TCP:TCP Port 5000
"22119:TCP"= 22119:TCP:BitComet 22119 TCP
"22119:UDP"= 22119:UDP:BitComet 22119 UDP
"135:TCP"= 135:TCP:TCP Port 135
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [11/15/2007 6:43 AM 15872]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [3/26/2009 6:53 PM 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [3/26/2009 6:53 PM 51072]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [2/6/2007 5:02 PM 123939]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/28/2007 11:06 PM 16512]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/18/2009 6:58 PM 18560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/26/2008 1:23 PM 33752]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZN
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myspace.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 14:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-03 15:04
ComboFix-quarantined-files.txt 2009-07-03 19:04
ComboFix2.txt 2009-06-29 21:53
Pre-Run: 23,585,488,896 bytes free
Post-Run: 23,528,501,248 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=15
956 --- E O F --- 2009-07-03 01:43
Combofix - After running script
ComboFix 09-07-02.03 - Owner 07/03/2009 15:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.236 [GMT -4:00]
Running from: h:\windows\Apps\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FILE ::
"c:\windows\dhcr87834.exe"
"c:\windows\febk7167.exe"
"c:\windows\henl37870.exe"
"c:\windows\kvad88233.exe"
"c:\windows\tfpdf3461.exe"
"c:\windows\wrimm50128.exe"
file zipped: c:\windows\Suspect_dhcr87834.exe.vir
file zipped: c:\windows\Suspect_febk7167.exe.vir
file zipped: c:\windows\Suspect_kvad88233.exe.vir
file zipped: c:\windows\system32\drivers\Suspect_kqemu.sys.vir
file zipped: c:\windows\system32\drivers\Suspect_vburner.sys.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\13353754
c:\documents and settings\All Users\Application Data\13353754\13353754.glu
c:\documents and settings\All Users\Application Data\93363746
c:\windows\dhcr87834.exe
c:\windows\febk7167.exe
c:\windows\henl37870.exe
c:\windows\kvad88233.exe
c:\windows\tfpdf3461.exe
c:\windows\wrimm50128.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-06-29 21:38 . 2009-06-29 21:38 -------- d-sh--w- C:\found.000
2009-06-29 02:36 . 2009-06-29 02:37 -------- d-----w- C:\rsit
2009-06-27 19:07 . 2009-06-27 19:07 -------- d-----w- c:\program files\Safer Networking
2009-06-23 23:42 . 2009-06-23 23:44 -------- d-----w- c:\program files\Peggle
2009-06-23 23:17 . 2009-06-23 23:20 73728 ---ha-w- c:\documents and settings\Owner\Application Data\RBRegEx550.dll
2009-06-23 23:17 . 2009-06-23 23:20 39936 ---ha-w- c:\documents and settings\Owner\Application Data\RBShell555.dll
2009-06-18 23:33 . 2009-06-18 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-06-11 20:30 . 2009-06-17 01:34 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 20:29 . 2009-06-11 20:29 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\JRE
2009-06-11 20:17 . 2009-06-11 20:17 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-09 23:55 . 2009-06-09 23:55 -------- d-----w- c:\program files\MagicDVDRipper
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\program files\Convert Genius
2009-06-09 23:41 . 2009-06-09 23:41 -------- d-----w- c:\program files\iPod
2009-06-09 23:41 . 2009-06-09 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 23:38 . 2009-06-09 23:38 -------- d-----w- c:\program files\QuickTime
2009-06-09 23:30 . 2009-06-09 23:30 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 20:52 . 2009-06-04 20:52 -------- d-----w- c:\program files\Convert VOB to AVI
2009-06-04 20:49 . 2009-06-04 20:49 -------- d-----w- C:\ConverterOutput
2009-06-04 20:48 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-04 20:48 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-04 20:48 . 2009-06-04 20:48 -------- d-----w- c:\program files\Cucusoft
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\Common Files\Common Share
2009-06-04 20:45 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-06-04 20:45 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-06-04 20:45 . 2009-06-04 20:45 -------- d-----w- c:\program files\OJOsoft
2009-06-04 19:31 . 2009-06-04 19:32 -------- d-----w- c:\program files\DebugMode
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 23:38 . 2008-08-10 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-30 19:28 . 2007-07-27 12:56 -------- d-----w- c:\program files\Warcraft III
2009-06-29 20:22 . 2009-01-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:21 . 2009-01-15 04:10 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-29 20:00 . 2007-01-07 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 16:18 . 2009-02-11 21:57 -------- d-----w- c:\program files\Google
2009-06-25 22:11 . 2008-08-10 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-23 23:42 . 2007-03-17 19:55 -------- d-----w- c:\program files\BFG
2009-06-23 23:23 . 2007-01-06 18:41 98304 ----a-w- c:\windows\DUMP8abb.tmp
2009-06-17 15:27 . 2009-01-15 04:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-01-15 04:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 00:18 . 2009-03-16 21:52 -------- d-----w- c:\program files\lx_cats
2009-06-12 08:45 . 2007-01-07 01:49 64336 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 20:16 . 2008-10-01 00:50 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-06-11 20:03 . 2007-10-16 10:53 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-06-11 19:59 . 2007-10-16 10:55 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-09 23:42 . 2008-09-28 22:25 -------- d-----w- c:\program files\iTunes
2009-06-09 23:41 . 2008-01-18 00:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 15:42 . 2008-09-09 23:17 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-01-18 00:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 20:48 . 2007-07-13 16:44 -------- d-----w- c:\program files\Common Files\Download Manager
2009-06-04 00:53 . 2009-02-24 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\DVD Flick
2009-05-12 02:45 . 2007-02-26 03:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 02:37 . 2009-05-12 02:37 -------- d-----w- c:\program files\YouTube Downloader
2009-05-07 15:44 . 2009-02-28 09:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-04 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:50 . 2007-01-07 03:04 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 15:35 . 2008-06-19 20:06 119296 ----a-w- c:\windows\system32\zlib.dll
2009-04-19 17:32 . 2009-04-19 17:32 8854 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-19 17:32 . 2009-04-19 17:32 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-19 00:44 . 2009-04-18 22:58 1026 ----a-w- C:\logfile.dat
2009-04-17 09:58 . 2009-02-28 09:55 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-18 01:33 . 2008-12-18 01:39 3139872 ----a-w- c:\program files\video.flv
2008-07-13 14:05 . 2008-07-13 14:05 58652 ----a-w- c:\program files\AMVapp-uninst.exe
2005-01-21 15:53 . 2007-07-30 04:22 45056 ------r- c:\program files\SetAttrib.exe
2004-11-30 22:23 . 2007-07-30 04:22 40960 ------r- c:\program files\delete.exe
2007-11-15 19:05 . 2008-03-13 19:11 89088 ----a-w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 19:05 . 2008-03-13 19:11 53248 ----a-w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 19:05 . 2008-03-13 19:11 499712 ----a-w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 19:05 . 2008-03-13 19:11 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 19:05 . 2008-03-13 19:11 110592 ----a-w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 19:05 . 2008-03-13 19:11 114688 ----a-w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 19:05 . 2008-03-13 19:11 106496 ----a-w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 19:05 . 2008-03-13 19:11 229376 ----a-w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 19:05 . 2008-03-13 19:11 196608 ----a-w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 19:05 . 2008-03-13 19:11 159744 ----a-w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2007-10-18 01:50 . 2007-10-11 18:32 88 --sh--r- c:\windows\system32\4E2CAE1B1E.sys
2007-10-18 01:50 . 2007-10-11 10:48 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-4 3450608]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"StyleXPService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"WinTabService"=2 (0x2)
"gusvc"=2 (0x2)
"lxcy_device"=2 (0x2)
"PinnacleUpdateSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"WUSB54GCSVC"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CoffeeTycoon_Setup.exe"=c:\docume~1\Owner\Desktop\COFFEE~1.EXE /r
"LemonadeTycoon2Setup.exe"=c:\docume~1\Owner\Desktop\LEMONA~1.EXE /r
"SchoolTycoonSetup.exe"=c:\docume~1\Owner\Desktop\SCHOOL~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCYCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\CCFile\\ccfile.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"c:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [11/15/2007 6:43 AM 15872]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [3/26/2009 6:53 PM 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [3/26/2009 6:53 PM 51072]
R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [2/6/2007 5:02 PM 123939]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/28/2007 11:06 PM 16512]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/18/2009 6:58 PM 18560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/26/2008 1:23 PM 33752]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZN
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myspace.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 15:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-03 15:29
ComboFix-quarantined-files.txt 2009-07-03 19:29
ComboFix2.txt 2009-07-03 19:04
ComboFix3.txt 2009-06-29 21:53
Pre-Run: 23,547,723,776 bytes free
Post-Run: 23,523,221,504 bytes free
246 --- E O F --- 2009-07-03 01:43
Upload was successful
Kaspersky said there is no malware. My computer is running pretty well, no ads, no pop ups.
I installed Windows recovery console, I hope it didn't ruin my boot menu (I dual boot Ubuntu, I hope it's ok)
A backup is made of the original settings, we can sort out any problems easily :)
Please check to see if you are able to dual boot and let me know.
I am A-OK, but the recovery console boot menu thing didn't pop up, I am sure it will be under boot menu. Thanks for helping me out man!
Anything else?
OH! And I know he doesn't remember me, but thank Link for me too haha.
Sorry for double post =P
I found the recovery console option, and Link saved my butt a while back, and got me interested in computers (a lot more)
I found the recovery console option,
Does your dual boot work as normal?
Please post a fresh HJT log in your reply along with the following.
Please download the Options.txt file that I have attached, and save it on your desktop.
Download and Run Registry Search
Download Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) to your desktop.
Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
Open the new folder, and double click on regsearch.exe
Click the Import button
Select the Options.txt file I made and click Open
Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
Please save the text file to your desktop.
Paste the results in your reply
Yeah, it does my normal dual boot, then when I select Windows it offers recovery console. It is great.
RegSearch:
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 7/6/2009 3:43:54 PM for strings:
; '174a4bd.msp'
; '30a39ca.msp'
; '8a8744.msp'
; 'cebda5.msp'
; 'fcdcc.msp'
; '50a912.msp'
; '2a241.msp'
; '2a211.msp'
; '2a209.msp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\3574AFE896173CC42AB8A061348B3AB9]
"LocalPackage"="C:\\WINDOWS\\Installer\\50a912.msp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\556DB5E59AA79F74BBD61A8DEC92CA68]
"LocalPackage"="C:\\WINDOWS\\Installer\\2a211.msp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\7FD39136BD189C649A80602B92A68BF7]
"LocalPackage"="C:\\WINDOWS\\Installer\\2a241.msp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\B180E588DB2767E4E889034BEB64F8CA]
"LocalPackage"="C:\\WINDOWS\\Installer\\2a209.msp"
; End Of The Log...
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:11 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\mozilla firefox\firefox.exe
H:\Windows\SysFiles\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168641034593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4697 bytes
Fix With HJT
Close all other windows and then start HijackThis
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O8 - Extra context menu item: &Search - ?p=ZN
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Please post a fresh RSIT log in your reply
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-06 19:58:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 21 GB (29%) free of 73 GB
Total RAM: 510 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:30 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
H:\Windows\SysFiles\HJT\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168641034593
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4397 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-22 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13353754]
C:\Documents and Settings\All Users\Application Data\13353754\13353754.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\93363746]
C:\Documents and Settings\All Users\Application Data\93363746\93363746.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-12-31 2489280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cftmon]
C:\WINDOWS\system32\jfvh.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleaner]
C:\Program Files\RAM Riser\Cleaner.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoffeeTycoon_Setup.exe]
C:\DOCUME~1\Owner\Desktop\COFFEE~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 3400 Series\ezprint.exe [2007-06-25 82608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyMonitor]
C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe [2008-05-13 664904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LemonadeTycoon2Setup.exe]
C:\DOCUME~1\Owner\Desktop\LEMONA~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2007-06-25 291504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qayqekvptdm]
C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SchoolTycoonSetup.exe]
C:\DOCUME~1\Owner\Desktop\SCHOOL~1.EXE /r []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Free Desktop Clock\DesktopClock.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Steam\Steam.exe [2009-05-29 1217784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-22 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
WService.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
C:\Program Files\Ideazon\ZEngine\Zboard.exe [2008-11-12 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-04-16 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
C:\PROGRA~1\runit\runit_32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"usnjsvc"=3
"PnkBstrA"=2
"LightScribeService"=2
"Bonjour Service"=2
"AresChatServer"=3
"Apple Mobile Device"=2
"rpcapd"=3
"ose"=3
"MDM"=2
"IDriverT"=3
"CLTNetCnService"=2
"StyleXPService"=2
"NMIndexingService"=3
"JavaQuickStarterService"=2
"getPlus(R) Helper"=3
"WinTabService"=2
"gusvc"=2
"lxcy_device"=2
"PinnacleUpdateSvc"=2
"NetSvc"=3
"WUSB54GCSVC"=2
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\lxcycoms.exe"="C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\CCFile\ccfile.exe"="C:\Program Files\CCFile\ccfile.exe:*:Enabled:CCFile"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe"="C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:*:Enabled:FLYMonitor.exe"
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe"="C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:*:Enabled:FLYWorld.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2009-07-03 23:25:14 ----SHD---- C:\RECYCLER
2009-07-03 23:25:03 ----D---- C:\WINDOWS\temp
2009-07-03 15:29:52 ----A---- C:\ComboFix.txt
2009-07-03 14:48:36 ----A---- C:\Boot.bak
2009-07-03 14:48:19 ----RASHD---- C:\cmdcons
2009-06-29 17:38:15 ----SHD---- C:\found.000
2009-06-29 17:12:59 ----A---- C:\WINDOWS\zip.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\SWSC.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\SWREG.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\sed.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\PEV.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-29 17:12:59 ----A---- C:\WINDOWS\grep.exe
2009-06-28 22:36:26 ----D---- C:\rsit
2009-06-27 15:07:32 ----D---- C:\Program Files\Safer Networking
2009-06-25 15:52:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-23 19:42:20 ----D---- C:\Program Files\Peggle
2009-06-23 19:17:08 ----AH---- C:\Documents and Settings\Owner\Application Data\RBShell555.dll
2009-06-23 19:17:08 ----AH---- C:\Documents and Settings\Owner\Application Data\RBRegEx550.dll
2009-06-23 19:15:59 ----A---- C:\WINDOWS\system32\winset.ini
2009-06-18 19:33:29 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2009-06-12 03:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 03:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-12 03:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 03:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 03:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 16:29:56 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
2009-06-11 16:17:32 ----D---- C:\Program Files\JRE
2009-06-11 16:17:08 ----D---- C:\Program Files\OpenOffice.org 3
2009-06-09 19:55:07 ----D---- C:\Program Files\MagicDVDRipper
2009-06-09 19:45:14 ----D---- C:\Program Files\Convert Genius
2009-06-09 19:41:48 ----D---- C:\Program Files\iPod
2009-06-09 19:41:23 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 19:38:06 ----D---- C:\Program Files\QuickTime
======List of files/folders modified in the last 1 months======
2009-07-06 19:55:50 ----D---- C:\HJT
2009-07-06 19:37:45 ----D---- C:\Program Files\Mozilla Firefox
2009-07-06 19:37:37 ----D---- C:\Program Files\Warcraft III
2009-07-06 19:22:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-06 15:39:15 ----D---- C:\WINDOWS\system32\ias
2009-07-05 10:25:07 ----SHD---- C:\WINDOWS\Installer
2009-07-05 10:25:07 ----HD---- C:\Config.Msi
2009-07-03 23:25:04 ----D---- C:\WINDOWS\system32
2009-07-03 23:25:04 ----D---- C:\Qoobox
2009-07-03 23:25:03 ----AD---- C:\WINDOWS
2009-07-03 15:24:43 ----A---- C:\WINDOWS\system.ini
2009-07-03 15:21:14 ----D---- C:\WINDOWS\system32\drivers
2009-07-03 15:21:14 ----D---- C:\WINDOWS\AppPatch
2009-07-03 15:21:03 ----RD---- C:\Program Files\Common Files
2009-07-03 15:11:56 ----D---- C:\WINDOWS\Prefetch
2009-07-03 14:48:36 ----RASH---- C:\boot.ini
2009-06-30 19:38:03 ----D---- C:\Documents and Settings\Owner\Application Data\.purple
2009-06-29 19:53:42 ----RD---- C:\Program Files
2009-06-29 17:51:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-29 17:32:56 ----D---- C:\WINDOWS\system32\config
2009-06-29 17:32:14 ----D---- C:\WINDOWS\ERDNT
2009-06-29 17:28:50 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-06-29 16:22:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-29 16:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 12:18:20 ----D---- C:\Program Files\Google
2009-06-27 15:42:55 ----SD---- C:\WINDOWS\Tasks
2009-06-25 23:10:24 ----A---- C:\WINDOWS\win.ini
2009-06-25 18:11:37 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2009-06-24 15:51:29 ----A---- C:\WINDOWS\wininit.ini
2009-06-23 19:42:20 ----D---- C:\Program Files\BFG
2009-06-23 19:23:11 ----A---- C:\WINDOWS\DUMP8abb.tmp
2009-06-13 20:18:06 ----D---- C:\Program Files\lx_cats
2009-06-12 04:32:08 ----D---- C:\WINDOWS\pss
2009-06-12 04:29:31 ----HD---- C:\WINDOWS\inf
2009-06-12 03:39:26 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 03:39:17 ----D---- C:\Program Files\Internet Explorer
2009-06-12 03:38:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 16:19:40 ----RSD---- C:\WINDOWS\assembly
2009-06-11 16:17:56 ----RSD---- C:\WINDOWS\Fonts
2009-06-11 16:16:08 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-06-11 16:03:38 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2009-06-09 19:42:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-09 19:42:28 ----D---- C:\Program Files\iTunes
2009-06-09 19:41:18 ----D---- C:\Program Files\Common Files\Apple
2009-06-09 19:33:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-12-31 24872]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-30 21419]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 kqemu;kqemu driver; \??\C:\WINDOWS\system32\drivers\kqemu.sys []
R3 Alpham1;Ideazon Merc USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-30 103360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2006-03-01 618880]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 a117cin0;a117cin0; C:\WINDOWS\system32\drivers\a117cin0.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-23 4025088]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 avcgbdr;Adaptec GameBridge AVC-14X0/15X0; C:\WINDOWS\system32\drivers\avcgbdr.sys [2005-09-26 125568]
S3 avcgbfl;Adaptec GameBridge AVC-14X0/15X0 Loader; C:\WINDOWS\System32\Drivers\avcgbfl.sys [2005-10-26 19712]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2008-05-13 18560]
S3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-06-04 513152]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-12-22 108003]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-22 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 537264]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe [2008-09-02 262144]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-16 66872]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S4 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2003-09-30 40960]
S4 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
-----------------EOF-----------------
OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop
Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^runit_32.lnk]
:Files
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)
Let's see if I can help you keep it that way
First let's tidy up
Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt. Click Cleanup.
When a box pops up click YES.
----------------------------------------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
Hey, thanks for everything man. I always thought that spybot's teatimer prevented everything, and the fact that I didn't have it on startup was stupid ^^;. Thanks again, everything is ok, I am installing....
WinPatrol
SpywareBlaster
and the "hosts.zip" one
I already have Firefox, Spybot, and Malware Bytes.
I think it sounds like a good setup.