View Full Version : IE Explorer Hijacked, Redirectors (Resolved)
smokinells
2009-07-16, 15:56
Symptoms include browser (IE and Mozilla) hijacking, google pages do not load, links are redirected, and sometimes wont even launch. If I launch AOL I can surf web no problem. I see v1.adwarefeed and othersonline loading in the bottom left box of the IE window when it is attempting to download content from a web page.
Here posted is my Highjack This log. Thanks for the help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:03 AM, on 7/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: (no name) - {545f0548-2d43-460f-bafb-3c113e8e07ba} - C:\WINDOWS\system32\merilaro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [guvotosoji] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",s
O4 - HKLM\..\Run: [f448b8b1] rundll32.exe "C:\WINDOWS\system32\junefare.dll",b
O4 - HKLM\..\Run: [CPMf77b8b2d] Rundll32.exe "c:\windows\system32\welatili.dll",a
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Azkend/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/TradeWinds%202/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F166E24-6D01-41A2-9801-15A92E47F6E5}: NameServer = 205.188.146.145
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\tutatezu.dll c:\windows\system32\welatili.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\welatili.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\welatili.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13123 bytes
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
==============================WARNING==============================
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.
==============================WARNING==============================
----------------------------------------------------------------------------------------
Step 1
AdAware
Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
Open AdAware
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.
----------------------------------------------------------------------------------------
Step 2
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: (no name) - {545f0548-2d43-460f-bafb-3c113e8e07ba} - C:\WINDOWS\system32\merilaro.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [guvotosoji] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",s
O4 - HKLM\..\Run: [f448b8b1] rundll32.exe "C:\WINDOWS\system32\junefare.dll",b
O4 - HKLM\..\Run: [CPMf77b8b2d] Rundll32.exe "c:\windows\system32\welatili.dll",a
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\tutatezu.dll c:\windows\system32\welatili.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\welatili.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\welatili.dll
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
----------------------------------------------------------------------------------------
Step 3
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
----------------------------------------------------------------------------------------
Step 4
Please Download GMER to your desktop
Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
RSIT Logs
GMER Log
smokinells
2009-07-18, 01:41
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-17 18:07:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 141 GB (60%) free of 234 GB
Total RAM: 998 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:23 PM, on 7/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {545f0548-2d43-460f-bafb-3c113e8e07ba} - C:\WINDOWS\system32\merilaro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [guvotosoji] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",s
O4 - HKLM\..\Run: [f448b8b1] rundll32.exe "C:\WINDOWS\system32\zizedugo.dll",b
O4 - HKLM\..\Run: [CPMf77b8b2d] Rundll32.exe "c:\windows\system32\hanayoku.dll",a
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Azkend/Images/stg_drm.ocx
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/TradeWinds%202/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F166E24-6D01-41A2-9801-15A92E47F6E5}: NameServer = 205.188.146.145
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\hanayoku.dll,C:\WINDOWS\system32\tutatezu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11576 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton Security Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545f0548-2d43-460f-bafb-3c113e8e07ba}]
C:\WINDOWS\system32\merilaro.dll [2009-03-27 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2004-08-30 103568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2004-08-30 218240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2004-08-30 103568]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2004-08-30 218240]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
""= []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-12-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-12-01 126976]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"HostManager"=C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe [2007-10-08 41824]
"guvotosoji"=C:\WINDOWS\system32\gipidiwu.dll [2009-03-27 49152]
"f448b8b1"=C:\WINDOWS\system32\zizedugo.dll [2009-07-17 80896]
"CPMf77b8b2d"=c:\windows\system32\hanayoku.dll [2009-07-17 84480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2004-10-13 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-10-21 2744832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-08-27 58488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMf77b8b2d]
c:\windows\system32\wovohudi.dll [2009-05-27 82432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f448b8b1]
C:\WINDOWS\system32\wogeneti.dll,b []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\guvotosoji]
C:\WINDOWS\system32\gipidiwu.dll [2009-03-27 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe [2007-10-08 41824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mixersel]
C:\Program Files\Realtek\InstallShield\mixersel.exe [2003-11-10 369664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptidle]
C:\Documents and Settings\Owner\Application Data\ptidle\ptidle.exe [2009-05-15 56832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-06-30 99480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
C:\WINDOWS\ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-10-21 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe /service /registry /auto:TivoTransfer []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-08-30 33936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Center]
C:\WINDOWS\ehome\ehuihlp.dll [2004-08-10 1351680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\hanayoku.dll,C:\WINDOWS\system32\tutatezu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll [2009-07-17 84480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll [2009-07-17 84480]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\tutatezu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Configuration"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update Utility"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1146091179\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1146091179\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Networking Utility"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d23972f-89d9-11d9-8d10-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3331388-ad14-11d9-b1ba-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
shell\Open\command - C:\resycled\ntldr.com c:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3331389-ad14-11d9-b1ba-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
shell\Open\command - D:\resycled\ntldr.com d:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53fbfa1-89d8-11d9-9255-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
65535-65535-31889 1707:31889:1771 ----N---- C:\WINDOWS\system32\zebiyuju.dll
65535-65535-31889 1707:31889:1771 ----N---- C:\WINDOWS\system32\yuvuhona.dll
65535-65535-31889 1707:31889:1771 ----N---- C:\WINDOWS\system32\tuyedote.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yopeyele.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tegedaku.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\saporule.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\safawuji.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jehalipo.dll
2009-07-17 18:07:19 ----D---- C:\rsit
2009-07-17 11:56:20 ----SH---- C:\WINDOWS\system32\ogudeziz.ini
2009-07-16 21:56:06 ----SH---- C:\WINDOWS\system32\yoterine.exe
2009-07-16 03:54:04 ----SH---- C:\WINDOWS\system32\jiwegayi.exe
2009-07-15 09:52:27 ----SH---- C:\WINDOWS\system32\hukusado.exe
2009-07-14 15:50:39 ----SH---- C:\WINDOWS\system32\gufohedu.exe
2009-07-13 21:48:40 ----SH---- C:\WINDOWS\system32\katoragi.exe
2009-07-13 03:46:29 ----SH---- C:\WINDOWS\system32\weleyovu.exe
2009-07-12 09:44:28 ----SH---- C:\WINDOWS\system32\yubetoja.exe
2009-07-11 15:42:29 ----SH---- C:\WINDOWS\system32\sigegosu.exe
2009-07-10 21:40:29 ----SH---- C:\WINDOWS\system32\dawuyoha.exe
2009-07-10 03:38:24 ----SH---- C:\WINDOWS\system32\zediwupu.exe
2009-07-09 09:38:20 ----SH---- C:\WINDOWS\system32\erafenuj.ini
2009-07-07 10:18:24 ----SH---- C:\WINDOWS\system32\livulene.exe
2009-07-06 17:33:51 ----SH---- C:\WINDOWS\system32\emitusiv.ini
2009-07-05 16:21:56 ----SH---- C:\WINDOWS\system32\rihiyuru.exe
2009-07-04 22:20:03 ----SH---- C:\WINDOWS\system32\piyomuve.exe
2009-07-04 04:18:06 ----SH---- C:\WINDOWS\system32\tohuredu.exe
2009-07-03 10:16:09 ----SH---- C:\WINDOWS\system32\tijejufo.exe
2009-07-02 16:14:11 ----SH---- C:\WINDOWS\system32\mikiwoye.exe
2009-07-01 22:12:22 ----SH---- C:\WINDOWS\system32\rokihewu.exe
2009-07-01 04:10:06 ----SH---- C:\WINDOWS\system32\luniboga.exe
2009-06-30 10:08:07 ----SH---- C:\WINDOWS\system32\sorihade.exe
2009-06-29 16:05:51 ----SH---- C:\WINDOWS\system32\eponumuz.ini
2009-06-29 11:25:16 ----D---- C:\Program Files\CCleaner
2009-06-29 11:15:59 ----D---- C:\Program Files\Trend Micro
2009-06-29 01:04:39 ----SH---- C:\WINDOWS\system32\itenegow.ini
2009-06-28 19:40:45 ----SH---- C:\WINDOWS\system32\esomozog.ini
2009-06-28 13:04:26 ----SH---- C:\WINDOWS\system32\fonugile.exe
2009-06-27 17:52:32 ----A---- C:\WINDOWS\unt71.bat
2009-06-27 17:49:54 ----A---- C:\Program Files\Uninstall Fun Web Products.dll
======List of files/folders modified in the last 1 months======
2009-07-17 17:55:37 ----A---- C:\VETlog.txt
2009-07-17 17:55:36 ----A---- C:\WINDOWS\win.ini
2009-07-17 12:17:42 ----D---- C:\WINDOWS\system32
2009-07-17 11:56:16 ----ASH---- C:\WINDOWS\system32\zizedugo.dll
2009-07-17 11:56:16 ----ASH---- C:\WINDOWS\system32\hanayoku.dll
2009-07-17 11:04:15 ----D---- C:\Program Files\Mozilla Firefox
2009-07-16 21:56:06 ----D---- C:\WINDOWS\Temp
2009-07-16 08:37:25 ----D---- C:\WINDOWS
2009-07-16 08:36:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-14 13:52:12 ----D---- C:\WINDOWS\Prefetch
2009-07-09 14:58:49 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2009-07-09 13:52:57 ----D---- C:\WINDOWS\Registration
2009-07-09 13:50:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-09 09:38:05 ----N---- C:\WINDOWS\system32\junefare.dll
2009-07-09 09:38:04 ----ASH---- C:\WINDOWS\system32\welatili.dll
2009-07-06 16:17:56 ----ASH---- C:\WINDOWS\system32\zigehuze.dll
2009-07-06 16:17:56 ----ASH---- C:\WINDOWS\system32\visutime.dll
2009-06-29 16:05:47 ----ASH---- C:\WINDOWS\system32\zumunope.dll
2009-06-29 16:05:47 ----ASH---- C:\WINDOWS\system32\gurinuwe.dll
2009-06-29 15:33:41 ----SHD---- C:\WINDOWS\Installer
2009-06-29 15:33:12 ----D---- C:\Program Files\Common Files\aolshare
2009-06-29 15:33:12 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-06-29 15:32:58 ----RD---- C:\Program Files
2009-06-29 11:27:01 ----D---- C:\WINDOWS\Debug
2009-06-29 11:26:59 ----D---- C:\WINDOWS\Minidump
2009-06-29 11:00:26 ----D---- C:\Program Files\Common Files\AOL
2009-06-29 01:04:34 ----ASH---- C:\WINDOWS\system32\befuhaje.dll
2009-06-28 19:40:16 ----D---- C:\Program Files\Internet Explorer
2009-06-27 19:04:21 ----ASH---- C:\WINDOWS\system32\jubetufa.dll
2009-06-27 19:03:52 ----N---- C:\WINDOWS\system32\gozomose.dll
2009-06-27 19:03:52 ----ASH---- C:\WINDOWS\system32\ranuvozo.dll
2009-06-27 17:59:44 ----D---- C:\Program Files\Westward_at
2009-06-27 17:59:31 ----D---- C:\Program Files\Shockwave.com
2009-06-27 17:58:58 ----D---- C:\Program Files\GameHouse
2009-06-27 17:58:36 ----D---- C:\Program Files\VirtualVillagers2_at
2009-06-27 17:58:22 ----D---- C:\Program Files\Virtual Villagers 2
2009-06-27 17:57:29 ----D---- C:\Program Files\Oberon Media
2009-06-27 17:55:59 ----HD---- C:\Config.Msi
2009-06-27 17:55:59 ----D---- C:\Program Files\Common Files
2009-06-27 17:52:09 ----D---- C:\Program Files\Return to Castle Wolfenstein - Platinum Edition
2009-06-27 17:52:02 ----A---- C:\WINDOWS\Rtcwplat.INI
2009-06-27 17:51:00 ----D---- C:\Program Files\PizzaPanic_at
2009-06-27 17:49:51 ----AD---- C:\Program Files\MyWebSearch
2009-06-27 17:47:24 ----D---- C:\Program Files\MumboJumbo
2009-06-27 17:45:39 ----D---- C:\Program Files\Rockstar Games
2009-06-27 17:44:28 ----D---- C:\Program Files\Google
2009-06-27 17:44:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-27 17:14:41 ----D---- C:\Program Files\eMusic Download Manager
2009-06-27 17:14:32 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-06-27 17:12:47 ----D---- C:\Program Files\BigFix
2009-06-27 17:09:20 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-09-06 51744]
R1 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-08-27 266464]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-10 8552]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 AR5416;D-Link DwA-556 Xtreme N PCIe Desktop Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5416.sys [2006-11-01 1048416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2004-11-11 131840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-27 2297984]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070425.033\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070425.033\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-08-27 25824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-10-31 55840]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-07-07 152049]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-10 42496]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-10 42496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-07-07 70070]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 idrmkl;idrmkl; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\idrmkl.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MSW_USB;Microsoft Broadband Networking Wireless USB Driver; C:\WINDOWS\system32\DRIVERS\MN510-51.sys [2003-06-20 634752]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2004-08-27 11040]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2004-08-27 171424]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2004-08-27 34496]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20080429.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2004-08-27 46208]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-06-04 379488]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe [2006-11-03 360532]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-08-27 234616]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-08-27 164984]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-08-30 176768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-02-10 172032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-08-27 197752]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 ISSVC;ISSvc; C:\Program Files\Norton Internet Security\ISSVC.exe [2004-08-30 78992]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2004-08-30 66688]
S2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-27 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2004-07-23 197864]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-08-27 206048]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
-----------------EOF-----------------
smokinells
2009-07-18, 01:43
info.txt logfile of random's system information tool 1.06 2009-07-17 18:07:31
======Uninstall list======
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DHA - Home And Landscape Deluxe Suite-->C:\PROGRA~1\3DHA-H~1\UNWISE.EXE C:\PROGRA~1\3DHA-H~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AoA DVD to iPod Converter-->"C:\Program Files\AoA DVD to iPod Converter\unins000.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Build-a-lot-->C:\PROGRA~1\SHOCKW~1.COM\BUILD-~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BUILD-~1\INSTALL.LOG
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chessmaster Challenge-->"C:\Program Files\Chessmaster Challenge\ReflexiveArcade\unins000.exe"
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
D-Link DWA-556 Xtreme N PCIe Desktop Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x9 -removeonly
DrawPlus 3.0-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu"
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Frogger Beyond-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F59E04A-0902-4071-8184-16FC3481CCD3}\setup.exe" -l0x9
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_21ad1\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Mall Tycoon 2 Deluxe-->C:\WINDOWS\Mall Tycoon 2 Deluxe Uninstaller.exe
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
NASA World Wind 1.4-->"C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Port Royale 2-->C:\Program Files\Cinemaware Marquee\Port Royale 2\Uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintMaster-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"
Privateers Bounty - Age of Sail II-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Global Star\Privateers Bounty - Age of Sail II\Uninst.isu"
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
RollerCoaster Tycoon Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
Scholastic's I SPY School Days-->C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
School Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F34CA-580F-4615-80FE-BDFBD56B748F}\setup.exe" -l0x9 -removeonly
Scooby-Doo 2 - Monsters Unleashed-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9BD9BF5-F1D1-4904-B348-40D0E9FF0023}\setup.exe" -l0x9 -uninst
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SimTheme Park-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SimTheme Park\Uninst.isu" -c"C:\Program Files\SimTheme Park\uninst.dll" -BFLANG=1033
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
videoplay-->"C:\Program Files\videoplay\Uninstall.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
=====HijackThis Backups=====
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-17]
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll [2009-07-17]
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM') [2009-07-17]
O4 - HKLM\..\Run: [CPMf77b8b2d] Rundll32.exe "c:\windows\system32\hanayoku.dll",a [2009-07-17]
O4 - HKLM\..\Run: [f448b8b1] rundll32.exe "C:\WINDOWS\system32\zizedugo.dll",b [2009-07-17]
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 [2009-07-17]
O4 - HKLM\..\Run: [guvotosoji] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",s [2009-07-17]
O4 - Startup: ChkDisk.lnk = ? [2009-07-17]
O2 - BHO: (no name) - {545f0548-2d43-460f-bafb-3c113e8e07ba} - C:\WINDOWS\system32\merilaro.dll [2009-07-17]
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user') [2009-07-17]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab [2009-07-17]
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') [2009-07-17]
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM') [2009-07-17]
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll [2009-07-17]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-17]
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user') [2009-07-17]
O4 - Startup: ChkDisk.dll [2009-07-17]
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16 [2009-07-17]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll [2009-07-17]
O20 - AppInit_DLLs: C:\WINDOWS\system32\tutatezu.dll c:\windows\system32\hanayoku.dll [2009-07-17]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hanayoku.dll [2009-07-17]
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
======System event log======
Computer Name: KIDS
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&59a1a41&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 100935
Source Name: LDMS
Time Written: 20090709104627.000000-300
Event Type: error
User:
Computer Name: KIDS
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&343598db&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 100934
Source Name: LDMS
Time Written: 20090709104627.000000-300
Event Type: error
User:
Computer Name: KIDS
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&255493f1&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 100933
Source Name: LDMS
Time Written: 20090709104627.000000-300
Event Type: error
User:
Computer Name: KIDS
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&19d12bf5&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 100932
Source Name: LDMS
Time Written: 20090709104627.000000-300
Event Type: error
User:
Computer Name: KIDS
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&175a0a75&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 100931
Source Name: LDMS
Time Written: 20090709104627.000000-300
Event Type: error
User:
=====Application event log=====
Computer Name: OFFICE
Event Code: 1004
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete', component '{6DD22B40-C9AA-4632-A6C3-F364E77568C0}' failed. The resource 'C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\' does not exist.
Record Number: 15368
Source Name: MsiInstaller
Time Written: 20080913235635.000000-300
Event Type: warning
User: KIDS\Owner
Computer Name: OFFICE
Event Code: 10005
Message: Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.
Record Number: 15366
Source Name: MsiInstaller
Time Written: 20080913235635.000000-300
Event Type: error
User: KIDS\Owner
Computer Name: OFFICE
Event Code: 1001
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete' failed during request for component '{A07EA0AF-E117-4A34-8D54-5D826F12988C}'
Record Number: 15365
Source Name: MsiInstaller
Time Written: 20080913235454.000000-300
Event Type: warning
User: KIDS\Owner
Computer Name: OFFICE
Event Code: 1004
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete', component '{6DD22B40-C9AA-4632-A6C3-F364E77568C0}' failed. The resource 'C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\' does not exist.
Record Number: 15364
Source Name: MsiInstaller
Time Written: 20080913235454.000000-300
Event Type: warning
User: KIDS\Owner
Computer Name: OFFICE
Event Code: 1000
Message: Faulting application itunes.exe, version 7.6.2.9, faulting module itunes.exe, version 7.6.2.9, fault address 0x0009fd08.
Record Number: 15363
Source Name: Application Error
Time Written: 20080908183458.000000-300
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\2020;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
smokinells
2009-07-18, 02:01
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 18:55:44
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
Code 847DEEEE ZwEnumerateKey
Code 847DEF96 ZwFlushInstructionCache
Code 8445C758 ZwQueryValueKey
Code 83F32CCE IofCallDriver
Code 8448DA86 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 83F32CD3
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 8448DA8B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 847DEF9A
PAGE ntkrnlpa.exe!ZwQueryValueKey 806201CA 5 Bytes JMP 8445C75C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622950 5 Bytes JMP 847DEEF2
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!HttpOpenRequestA 78064341 5 Bytes JMP 00E8000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetConnectA 7806499A 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetConnectW 78065B88 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!HttpOpenRequestW 78065D62 5 Bytes JMP 00E9000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00E1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 0016EBF0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetSetStatusCallback 7807288F 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 0016EC2D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1644] WININET.dll!InternetSetStatusCallbackW 780BB098 5 Bytes JMP 00E5000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[512] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\AOLSoftware.exe[2520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1146091179\ee\aolsoftware.exe[3892] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\prodrv06 \Device\ProDrv06 E22FE6E8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E1753390
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\gaopdxypiqvmpx.sys (*** hidden *** ) A9A62000-A9A8A000 (163840 bytes)
---- EOF - GMER 1.0.15 ----
Information
No Antivirus
AV: Norton Internet Security (outdated)
I can see no indication of any current Antivirus software.
Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Paid AV list
kaspersky (http://www.kaspersky.co.uk/)
ESET NOD32 (http://www.eset.co.uk/)
Free AV list ( Home users only)
Avast (http://www.avast.com/eng/products.html)
Avira AntiVir (http://www.free-av.com/)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Antivirus is a MUST
----------------------------------------------------------------------------------------
Step 1
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------
Step 2
Download and Run ComboFix (by sUBs)
Please download Commbofix from HERE (http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
For a full tutorial on using Combofix, please see this topic
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
MalwareBytes Log
Combofix Log
How are things running now ?
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes
Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
There is a newer version of Adobe Acrobat Reader available.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )
Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)
You can delete JavaRa (zip and exe)
Remove Programs
Older versions of some programs have vulnerabilities that malware can use to infect your system.
Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) .
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
Adobe Acrobat 5.0 << Unless you specifically need this, I recommend you remove it.
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Now close the Control Panel.
smokinells
2009-07-20, 01:18
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/19/2009 6:17:36 PM
mbam-log-2009-07-19 (18-17-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 260553
Time elapsed: 48 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 48
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 11
Files Infected: 92
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\zizedugo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\merilaro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tutatezu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gipidiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hanayoku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Delete on reboot.
c:\WINDOWS\system32\welatili.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545f0548-2d43-460f-bafb-3c113e8e07ba} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{545f0548-2d43-460f-bafb-3c113e8e07ba} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{545f0548-2d43-460f-bafb-3c113e8e07ba} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f448b8b1 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guvotosoji (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf77b8b2d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tutatezu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tutatezu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tutatezu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hanayoku.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hanayoku.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Owner\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\digifast (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Jcore (Trojan.BHO) -> Delete on reboot.
C:\Program Files\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\dunafase.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\esafanud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gozomose.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\esomozog.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\junefare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\erafenuj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\legimizu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uzimigel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lekupeyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\iyepukel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lodatopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\apotadol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\patafudi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\idufatap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\saporule.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eluropas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\soyabodu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\udobayos.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tuyedote.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\etodeyut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\visutime.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\emitusiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wigudozi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\izodugiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yuvuhona.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\anohuvuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zebiyuju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ujuyibez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zizedugo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\ogudeziz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zumunope.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eponumuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gipidiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hanayoku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\merilaro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tutatezu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Delete on reboot.
c:\documents and settings\localservice\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\unobi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\digifast\DFUninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\digifast\digifast.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\microsoft\Windows\qqivtu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\ptidle\ptidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\ptidle\ptidle.exe13s (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Twain\Twain.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\Uninstall Fun Web Products.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\components\dfff.dll (Trojan.Agent.V) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\components\WWShow.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090717-180615-208.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090717-180615-614.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090717-180615-760.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\trend micro\hijackthis\backups\backup-20090717-180615-895-ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\program files\videoplay\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ak1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\durifuki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hemaboma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\install.48025.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jametuza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jatuveru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jubetufa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kovabova.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lmn_setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\load.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ntdll64.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pofokago.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vadivana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vipukuna.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vp_setup.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wiwuzepe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yajosofo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yuwegiju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dllcache\userinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ntdll64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\resycled\ntldr.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\videoplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\welatili.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vic_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Do you have the Combofix Log ?
smokinells
2009-07-20, 20:30
Sorry for the delay, doing battle with Norton.
ComboFix 09-07-19.04 - Owner 07/20/2009 12:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.701 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mozilla Firefox\extensions\{DE62DA65-717F-475A-99AF-3C3E02DB6E40}
c:\program files\Mozilla Firefox\extensions\{DE62DA65-717F-475A-99AF-3C3E02DB6E40}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE62DA65-717F-475A-99AF-3C3E02DB6E40}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{DE62DA65-717F-475A-99AF-3C3E02DB6E40}\install.rdf
c:\recycler\S-1-5-21-1239560779-933317433-4255459936-500
c:\recycler\S-1-5-21-2923451398-1525255478-1357813306-500
c:\recycler\S-1-5-21-3392222329-2640261166-2744693898-500
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\d91e2a2.msi
c:\windows\system32\ajurayiy.ini
c:\windows\system32\befuhaje.dll
c:\windows\system32\begageju.exe
c:\windows\system32\bikodina.dll
c:\windows\system32\bokahubu.dll
c:\windows\system32\dawuyoha.exe
c:\windows\system32\drivers\gaopdxypiqvmpx.sys
c:\windows\system32\drivers\ovfsthbdovfgqbrnxvcartqptnmmpvitlnmeow.sys
c:\windows\system32\falukovo.dll
c:\windows\system32\fimosaki.dll.tmp
c:\windows\system32\fonugile.exe
c:\windows\system32\gakomota.exe
c:\windows\system32\gaopdxeiurrjcb.dll
c:\windows\system32\gufohedu.exe
c:\windows\system32\gurinuwe.dll
c:\windows\system32\hukusado.exe
c:\windows\system32\itenegow.ini
c:\windows\system32\jidibupi.dll.tmp
c:\windows\system32\jiwegayi.exe
c:\windows\system32\jujiyaki.dll.tmp
c:\windows\system32\katoragi.exe
c:\windows\system32\kuzizemo.dll
c:\windows\system32\livulene.exe
c:\windows\system32\luniboga.exe
c:\windows\system32\mebapiro.dll.tmp
c:\windows\system32\mikiwoye.exe
c:\windows\system32\ovfsthbphacknpqslqmetputoqoanhyxskkchp.dll
c:\windows\system32\ovfsthidxjomauvddvnouogvxgqsihjpedspvw.dll
c:\windows\system32\ovfsthsxtgvbotlgrqhrrhuagqmjkohivrxbmy.dat
c:\windows\system32\ovfsthwabdabqbifeqfttqweeevjbtmaenyjdk.dat
c:\windows\system32\ovfsthwjorxmtwwuybfsixpnyvkypemsselmxr.dll
c:\windows\system32\piyomuve.exe
c:\windows\system32\reyojeku.dll
c:\windows\system32\rihiyuru.exe
c:\windows\system32\rokihewu.exe
c:\windows\system32\siduyohe.dll
c:\windows\system32\sigegosu.exe
c:\windows\system32\sorihade.exe
c:\windows\system32\tijejufo.exe
c:\windows\system32\tohuredu.exe
c:\windows\system32\uniq.tll
c:\windows\system32\vohodane.dll
c:\windows\system32\vupaneha.dll
c:\windows\system32\weleyovu.exe
c:\windows\system32\wovohudi.dll
c:\windows\system32\yoterine.exe
c:\windows\system32\yubetoja.exe
c:\windows\system32\yurobika.dll
c:\windows\system32\yuzonofe.dll
c:\windows\system32\zediwupu.exe
c:\windows\system32\zedufade.dll.tmp
c:\windows\system32\zosuduvi.exe
c:\windows\system32\zufusade.dll.tmp
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
----- BITS: Possible infected sites -----
hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Service_ovfsthkvxjbgomyrfknnwolfhxdomplrrtjxfu
((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.
2009-07-19 22:21 . 2009-07-19 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 22:21 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 22:20 . 2009-07-19 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 22:20 . 2009-07-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-19 22:20 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 23:07 . 2009-07-17 23:07 -------- d-----w- C:\rsit
2009-06-29 16:25 . 2009-06-29 16:25 -------- d-----w- c:\program files\CCleaner
2009-06-29 16:15 . 2009-06-29 16:15 -------- d-----w- c:\program files\Trend Micro
2009-06-29 15:59 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll
2009-06-27 22:52 . 2009-06-27 22:52 544 ----a-w- c:\windows\unt71.pif
2009-06-27 22:52 . 2009-06-27 22:52 272 ----a-w- c:\windows\unt71.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 17:34 . 2005-02-10 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 17:05 . 2005-06-30 20:58 93256 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 16:56 . 2009-04-17 16:56 84480 ----a-w- c:\windows\system32\hanayoku.dll.vir
2009-07-06 21:17 . 2009-04-06 21:17 83456 --sha-w- c:\windows\system32\zigehuze.dll
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-29 16:00 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\AOL
2009-06-28 00:03 . 2009-03-28 00:03 83456 --sha-w- c:\windows\system32\ranuvozo.dll
2009-06-27 22:59 . 2007-07-04 14:25 -------- d-----w- c:\program files\Westward_at
2009-06-27 22:59 . 2007-07-02 20:48 -------- d-----w- c:\program files\Shockwave.com
2009-06-27 22:58 . 2008-01-31 01:39 -------- d-----w- c:\program files\GameHouse
2009-06-27 22:58 . 2007-07-03 14:09 -------- d-----w- c:\program files\VirtualVillagers2_at
2009-06-27 22:58 . 2008-01-30 22:20 -------- d-----w- c:\program files\Virtual Villagers 2
2009-06-27 22:57 . 2009-05-10 20:12 -------- d-----w- c:\program files\Oberon Media
2009-06-27 22:52 . 2007-03-19 03:22 -------- d-----w- c:\program files\Return to Castle Wolfenstein - Platinum Edition
2009-06-27 22:51 . 2007-07-03 19:32 -------- d-----w- c:\program files\PizzaPanic_at
2009-06-27 22:47 . 2008-12-07 16:46 -------- d-----w- c:\program files\MumboJumbo
2009-06-27 22:45 . 2005-08-25 04:11 -------- d-----w- c:\program files\Rockstar Games
2009-06-27 22:44 . 2009-04-03 20:31 -------- d-----w- c:\program files\Google
2009-06-27 22:14 . 2008-02-16 21:45 -------- d-----w- c:\program files\eMusic Download Manager
2009-06-27 22:14 . 2009-01-10 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-27 22:12 . 2005-02-10 23:52 -------- d-----w- c:\program files\BigFix
2009-06-27 22:09 . 2007-03-25 17:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-05-30 19:41 . 1601-01-01 00:12 80896 --sha-w- c:\windows\system32\yopeyele.dll
2009-05-30 07:40 . 1601-01-01 00:12 81408 --sha-w- c:\windows\system32\tegedaku.dll
2009-05-29 19:40 . 1601-01-01 00:12 81920 --sha-w- c:\windows\system32\safawuji.dll
2009-05-29 07:40 . 1601-01-01 00:12 81920 --sha-w- c:\windows\system32\jehalipo.dll
2009-05-27 06:41 . 2009-05-26 22:39 14848 ----a-w- c:\windows\system32\ser.exe
2009-05-24 02:29 . 2009-05-24 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-24 02:28 . 2009-05-24 02:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-24 02:28 . 2009-05-24 02:28 -------- d-----w- c:\program files\Lavasoft
2009-05-01 21:09 . 2008-08-09 15:58 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2007-08-14 22:56 . 2007-08-14 22:56 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-16 13:40 . 2009-02-21 03:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HostManager"="c:\program files\Common Files\AOL\1146091179\ee\AOLSoftware.exe" [2007-10-08 41824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-5-2 67128]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe [2008-12-27 13357056]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/23/2009 9:28 PM 64160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2007 6:28 PM 24652]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/27/2008 12:27 PM 55840]
S3 idrmkl;idrmkl;\??\c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 951632]
.
Contents of the 'Scheduled Tasks' folder
2009-07-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2005-04-14 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-10-28 19:00]
2009-07-18 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-30 19:34]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035NJUS&fl=0&ptb=pNjJXCdDL_DTyGuyfjMkfA&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xm0iv32q.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 12:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1718485107-1014299382-342967563-1006\Software\SecuROM\License information*]
"datasecu"=hex:36,80,eb,f4,bf,a3,0b,b9,a9,db,95,8e,ec,8f,d6,65,c4,27,b0,d9,f6,
57,5a,ba,26,c0,34,74,eb,ee,ae,a9,95,7d,d8,07,b7,d7,87,7e,95,2c,e9,18,4e,ea,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-07-20 12:47
ComboFix-quarantined-files.txt 2009-07-20 17:47
Pre-Run: 147,905,982,464 bytes free
Post-Run: 147,942,567,936 bytes free
262 --- E O F --- 2009-01-15 01:20
Step 1
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
http://forums.spybot.info/showthread.php?p=323571#post323571
Comment:: Katana
Suspect::[4]
c:\windows\unt71.pif
c:\windows\unt71.bat
c:\windows\system32\hanayoku.dll.vir
c:\windows\system32\zigehuze.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\yopeyele.dll
c:\windows\system32\tegedaku.dll
c:\windows\system32\safawuji.dll
c:\windows\system32\jehalipo.dll
c:\windows\system32\ser.exe
File::
c:\windows\unt71.pif
c:\windows\unt71.bat
c:\windows\system32\hanayoku.dll.vir
c:\windows\system32\zigehuze.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\yopeyele.dll
c:\windows\system32\tegedaku.dll
c:\windows\system32\safawuji.dll
c:\windows\system32\jehalipo.dll
c:\windows\system32\ser.exe
Driver::
idrmkl
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
----------------------------------------------------------------------------------------
Step 2
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Combofix Log
Kaspersky log
How are things running now ?
smokinells
2009-07-22, 23:30
ComboFix 09-07-19.04 - Owner 07/22/2009 16:04.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.530 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\hanayoku.dll.vir"
"c:\windows\system32\jehalipo.dll"
"c:\windows\system32\ranuvozo.dll"
"c:\windows\system32\safawuji.dll"
"c:\windows\system32\ser.exe"
"c:\windows\system32\tegedaku.dll"
"c:\windows\system32\yopeyele.dll"
"c:\windows\system32\zigehuze.dll"
"c:\windows\unt71.bat"
"c:\windows\unt71.pif"
file zipped: c:\windows\system32\hanayoku.dll.vir
file zipped: c:\windows\system32\jehalipo.dll
file zipped: c:\windows\system32\ranuvozo.dll
file zipped: c:\windows\system32\safawuji.dll
file zipped: c:\windows\system32\ser.exe
file zipped: c:\windows\system32\tegedaku.dll
file zipped: c:\windows\system32\yopeyele.dll
file zipped: c:\windows\system32\zigehuze.dll
file zipped: c:\windows\unt71.bat
file zipped: c:\windows\unt71.pif
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hanayoku.dll.vir
c:\windows\system32\jehalipo.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\safawuji.dll
c:\windows\system32\ser.exe
c:\windows\system32\tegedaku.dll
c:\windows\system32\yopeyele.dll
c:\windows\system32\zigehuze.dll
c:\windows\unt71.bat
c:\windows\unt71.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IDRMKL
-------\Service_idrmkl
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 21:17 . 2009-07-22 21:17 -------- d-----w- c:\windows\LastGood
2009-07-21 02:35 . 2009-07-21 02:35 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-21 02:35 . 2009-07-21 02:35 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-21 02:35 . 2009-07-21 02:35 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-21 02:35 . 2009-07-21 02:35 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-19 22:21 . 2009-07-19 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 22:21 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 22:20 . 2009-07-19 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 22:20 . 2009-07-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-19 22:20 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 23:07 . 2009-07-17 23:07 -------- d-----w- C:\rsit
2009-06-29 16:25 . 2009-06-29 16:25 -------- d-----w- c:\program files\CCleaner
2009-06-29 16:15 . 2009-06-29 16:15 -------- d-----w- c:\program files\Trend Micro
2009-06-29 15:59 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 20:53 . 2005-02-10 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 17:05 . 2005-06-30 20:58 93256 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-29 16:00 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\AOL
2009-06-27 22:59 . 2007-07-04 14:25 -------- d-----w- c:\program files\Westward_at
2009-06-27 22:59 . 2007-07-02 20:48 -------- d-----w- c:\program files\Shockwave.com
2009-06-27 22:58 . 2008-01-31 01:39 -------- d-----w- c:\program files\GameHouse
2009-06-27 22:58 . 2007-07-03 14:09 -------- d-----w- c:\program files\VirtualVillagers2_at
2009-06-27 22:58 . 2008-01-30 22:20 -------- d-----w- c:\program files\Virtual Villagers 2
2009-06-27 22:57 . 2009-05-10 20:12 -------- d-----w- c:\program files\Oberon Media
2009-06-27 22:52 . 2007-03-19 03:22 -------- d-----w- c:\program files\Return to Castle Wolfenstein - Platinum Edition
2009-06-27 22:51 . 2007-07-03 19:32 -------- d-----w- c:\program files\PizzaPanic_at
2009-06-27 22:47 . 2008-12-07 16:46 -------- d-----w- c:\program files\MumboJumbo
2009-06-27 22:45 . 2005-08-25 04:11 -------- d-----w- c:\program files\Rockstar Games
2009-06-27 22:44 . 2009-04-03 20:31 -------- d-----w- c:\program files\Google
2009-06-27 22:14 . 2008-02-16 21:45 -------- d-----w- c:\program files\eMusic Download Manager
2009-06-27 22:14 . 2009-01-10 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-27 22:12 . 2005-02-10 23:52 -------- d-----w- c:\program files\BigFix
2009-06-27 22:09 . 2007-03-25 17:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-05-24 02:29 . 2009-05-24 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-24 02:28 . 2009-05-24 02:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-24 02:28 . 2009-05-24 02:28 -------- d-----w- c:\program files\Lavasoft
2009-05-01 21:09 . 2008-08-09 15:58 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2007-08-14 22:56 . 2007-08-14 22:56 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-16 13:40 . 2009-02-21 03:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-20_17.44.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 20:57 . 2009-01-09 22:35 20853704 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HostManager"="c:\program files\Common Files\AOL\1146091179\ee\AOLSoftware.exe" [2007-10-08 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-5-2 67128]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe [2008-12-27 13357056]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/23/2009 9:28 PM 64160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2007 6:28 PM 24652]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/27/2008 12:27 PM 55840]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:34]
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2005-04-14 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-10-28 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035NJUS&fl=0&ptb=pNjJXCdDL_DTyGuyfjMkfA&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xm0iv32q.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 16:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1718485107-1014299382-342967563-1006\Software\SecuROM\License information*]
"datasecu"=hex:36,80,eb,f4,bf,a3,0b,b9,a9,db,95,8e,ec,8f,d6,65,c4,27,b0,d9,f6,
57,5a,ba,26,c0,34,74,eb,ee,ae,a9,95,7d,d8,07,b7,d7,87,7e,95,2c,e9,18,4e,ea,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
------------------------ Other Running Processes ------------------------
.
c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\wanmpsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1146091179\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
.
**************************************************************************
.
Completion time: 2009-07-22 16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 21:28
ComboFix2.txt 2009-07-20 17:47
Pre-Run: 148,063,211,520 bytes free
Post-Run: 147,927,625,728 bytes free
234 --- E O F --- 2009-07-22 21:00
Do you have the Kaspersky Log ?
smokinells
2009-07-25, 02:26
ComboFix 09-07-19.04 - Owner 07/22/2009 16:04.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.530 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\hanayoku.dll.vir"
"c:\windows\system32\jehalipo.dll"
"c:\windows\system32\ranuvozo.dll"
"c:\windows\system32\safawuji.dll"
"c:\windows\system32\ser.exe"
"c:\windows\system32\tegedaku.dll"
"c:\windows\system32\yopeyele.dll"
"c:\windows\system32\zigehuze.dll"
"c:\windows\unt71.bat"
"c:\windows\unt71.pif"
file zipped: c:\windows\system32\hanayoku.dll.vir
file zipped: c:\windows\system32\jehalipo.dll
file zipped: c:\windows\system32\ranuvozo.dll
file zipped: c:\windows\system32\safawuji.dll
file zipped: c:\windows\system32\ser.exe
file zipped: c:\windows\system32\tegedaku.dll
file zipped: c:\windows\system32\yopeyele.dll
file zipped: c:\windows\system32\zigehuze.dll
file zipped: c:\windows\unt71.bat
file zipped: c:\windows\unt71.pif
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hanayoku.dll.vir
c:\windows\system32\jehalipo.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\safawuji.dll
c:\windows\system32\ser.exe
c:\windows\system32\tegedaku.dll
c:\windows\system32\yopeyele.dll
c:\windows\system32\zigehuze.dll
c:\windows\unt71.bat
c:\windows\unt71.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IDRMKL
-------\Service_idrmkl
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 21:17 . 2009-07-22 21:17 -------- d-----w- c:\windows\LastGood
2009-07-21 02:35 . 2009-07-21 02:35 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-21 02:35 . 2009-07-21 02:35 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-21 02:35 . 2009-07-21 02:35 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-21 02:35 . 2009-07-21 02:35 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-19 22:21 . 2009-07-19 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 22:21 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 22:20 . 2009-07-19 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 22:20 . 2009-07-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-19 22:20 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 23:07 . 2009-07-17 23:07 -------- d-----w- C:\rsit
2009-06-29 16:25 . 2009-06-29 16:25 -------- d-----w- c:\program files\CCleaner
2009-06-29 16:15 . 2009-06-29 16:15 -------- d-----w- c:\program files\Trend Micro
2009-06-29 15:59 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 20:53 . 2005-02-10 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 17:05 . 2005-06-30 20:58 93256 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-29 20:33 . 2005-02-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-29 16:00 . 2005-02-10 23:50 -------- d-----w- c:\program files\Common Files\AOL
2009-06-27 22:59 . 2007-07-04 14:25 -------- d-----w- c:\program files\Westward_at
2009-06-27 22:59 . 2007-07-02 20:48 -------- d-----w- c:\program files\Shockwave.com
2009-06-27 22:58 . 2008-01-31 01:39 -------- d-----w- c:\program files\GameHouse
2009-06-27 22:58 . 2007-07-03 14:09 -------- d-----w- c:\program files\VirtualVillagers2_at
2009-06-27 22:58 . 2008-01-30 22:20 -------- d-----w- c:\program files\Virtual Villagers 2
2009-06-27 22:57 . 2009-05-10 20:12 -------- d-----w- c:\program files\Oberon Media
2009-06-27 22:52 . 2007-03-19 03:22 -------- d-----w- c:\program files\Return to Castle Wolfenstein - Platinum Edition
2009-06-27 22:51 . 2007-07-03 19:32 -------- d-----w- c:\program files\PizzaPanic_at
2009-06-27 22:47 . 2008-12-07 16:46 -------- d-----w- c:\program files\MumboJumbo
2009-06-27 22:45 . 2005-08-25 04:11 -------- d-----w- c:\program files\Rockstar Games
2009-06-27 22:44 . 2009-04-03 20:31 -------- d-----w- c:\program files\Google
2009-06-27 22:14 . 2008-02-16 21:45 -------- d-----w- c:\program files\eMusic Download Manager
2009-06-27 22:14 . 2009-01-10 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-27 22:12 . 2005-02-10 23:52 -------- d-----w- c:\program files\BigFix
2009-06-27 22:09 . 2007-03-25 17:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-05-24 02:29 . 2009-05-24 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-24 02:28 . 2009-05-24 02:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-24 02:28 . 2009-05-24 02:28 -------- d-----w- c:\program files\Lavasoft
2009-05-01 21:09 . 2008-08-09 15:58 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2007-08-14 22:56 . 2007-08-14 22:56 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-16 13:40 . 2009-02-21 03:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-20_17.44.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 20:57 . 2009-01-09 22:35 20853704 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HostManager"="c:\program files\Common Files\AOL\1146091179\ee\AOLSoftware.exe" [2007-10-08 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-5-2 67128]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe [2008-12-27 13357056]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146091179\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/23/2009 9:28 PM 64160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/21/2007 6:28 PM 24652]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/27/2008 12:27 PM 55840]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:34]
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2005-04-14 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-10-28 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035NJUS&fl=0&ptb=pNjJXCdDL_DTyGuyfjMkfA&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xm0iv32q.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 16:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1718485107-1014299382-342967563-1006\Software\SecuROM\License information*]
"datasecu"=hex:36,80,eb,f4,bf,a3,0b,b9,a9,db,95,8e,ec,8f,d6,65,c4,27,b0,d9,f6,
57,5a,ba,26,c0,34,74,eb,ee,ae,a9,95,7d,d8,07,b7,d7,87,7e,95,2c,e9,18,4e,ea,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
------------------------ Other Running Processes ------------------------
.
c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\wanmpsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1146091179\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
.
**************************************************************************
.
Completion time: 2009-07-22 16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 21:28
ComboFix2.txt 2009-07-20 17:47
Pre-Run: 148,063,211,520 bytes free
Post-Run: 147,927,625,728 bytes free
234 --- E O F --- 2009-07-22 21:00
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Kaspersky log
How are things running now ?
smokinells
2009-07-25, 16:10
I have tried to run the Kaspersky tool several times. The screen goes wacko; whites out, title blocks moving all over the place, icons changing. I seems like the scanner is still running, so I let it run. After the scan, I see the button for saving the log file (not where it is supposed to be), so I click it, but then the button greys out and the computer stops working and it wacks out some more. I had to reboot it. I did see where Kaspersky had found threats.
Any ideas?
The computer does seem to be running better, though still slow. I am not being hijacked any longer, I think.
Try this scan instead ....
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
smokinells
2009-07-26, 18:34
ANALYSIS: 2009-07-25 23:03:10
PROTECTIONS: 0
MALWARE: 31
SUSPECTS: 228
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@linksynergy[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\system@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@burstnet[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.burstbeacon[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
00551571 Trj/Agent.LJO Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxeiurrjcb.dll.vir
00551571 Trj/Agent.LJO Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135315.dll
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1110\A0135311.sys
00817021 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135317.dll
00817021 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthbphacknpqslqmetputoqoanhyxskkchp.dll.vir
00817049 Bck/Tdss.AQ Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthbdovfgqbrnxvcartqptnmmpvitlnmeow.sys.vir
00817049 Bck/Tdss.AQ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135316.sys
00957293 Generic Worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1112\A0135969.exe
00957293 Generic Worm Virus/Worm No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2009-07-22_16.03.39.zip[Suspect_ser.exe.vir]
00957293 Generic Worm Virus/Worm No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\ser.exe.vir
00967002 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135416.dll
00967002 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135410.dll
00967002 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\yurobika.dll.vir
00967002 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\vohodane.dll.vir
00981870 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\yuzonofe.dll.vir
00981870 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135417.dll
00981870 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\wovohudi.dll.vir
00981870 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135413.dll
02083437 Generic Malware Virus/Trojan No 0 Yes No C:\office\Extras\MathType 5.1\mtype_v5_1_keygen.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1112\A0135984.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135318.sys
05466532 Adware/SystemGuard2009 Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthidxjomauvddvnouogvxgqsihjpedspvw.dll.vir
05466532 Adware/SystemGuard2009 Adware No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135314.dll
05484535 Adware/SystemGuard2009 Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthwjorxmtwwuybfsixpnyvkypemsselmxr.dll.vir
05484535 Adware/SystemGuard2009 Adware No 0 Yes No C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1111\A0135313.dll
;==
smokinells
2009-07-26, 18:36
SUSPECTS
Sent Location
;==
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingExtras.Resources_ko.lproj_QuickTimeStreamingExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingExtras.Resources_ja.lproj_QuickTimeStreamingExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingExtras.Resources_it.lproj_QuickTimeStreamingExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingExtras.Resources_fr.lproj_QuickTimeStreamingExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingExtras.Resources_es.lproj_QuickTimeStreamingExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingAuthoring.Resources_zh_TW.lproj_QuickTimeStreamingAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingAuthoring.Resources_sv.lproj_QuickTimeStreamingAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingAuthoring.Resources_ru.lproj_QuickTimeStreamingAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreamingAuthoring.Resources_nb.lproj_QuickTimeStreamingAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_zh_TW.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_nb.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_ja.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_it.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_fr.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_es.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeStreaming.Resources_da.lproj_QuickTimeStreamingLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeQD3D.Resources_zh_TW.lproj_QuickTimeQD3DLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeQD3D.Resources_sv.lproj_QuickTimeQD3DLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimePlayer.Resources_da.lproj_QuickTimePlayerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_sv.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_ru.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_pl.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_ko.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_ja.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMusic.Resources_da.lproj_QuickTimeMusicLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4Authoring.Resources_ru.lproj_QuickTimeMPEG4AuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4Authoring.Resources_pl.lproj_QuickTimeMPEG4AuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4.Resources_sv.lproj_QuickTimeMPEG4Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4.Resources_ru.lproj_QuickTimeMPEG4Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4.Resources_pl.lproj_QuickTimeMPEG4Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4.Resources_ja.lproj_QuickTimeMPEG4Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG4.Resources_it.lproj_QuickTimeMPEG4Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG.Resources_ru.lproj_QuickTimeMPEGLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG.Resources_ja.lproj_QuickTimeMPEGLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeMPEG.Resources_es.lproj_QuickTimeMPEGLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_zh_TW.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_sv.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_ru.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_pl.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_ko.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_ja.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_it.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_fr.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeInternetExtras.Resources_es.lproj_QuickTimeInternetExtrasLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_ru.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_nb.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_ja.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_it.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_fr.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_es.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeImage.Resources_da.lproj_QuickTimeImageLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_zh_TW.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_sv.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_pl.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_ko.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_ja.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_it.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_fr.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_es.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeH264.Resources_da.lproj_QuickTimeH264Localized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEssentials.Resources_ko.lproj_QuickTimeEssentialsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEssentials.Resources_ja.lproj_QuickTimeEssentialsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEssentials.Resources_it.lproj_QuickTimeEssentialsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEssentials.Resources_es.lproj_QuickTimeEssentialsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEffects.Resources_zh_TW.lproj_QuickTimeEffectsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEffects.Resources_sv.lproj_QuickTimeEffectsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEffects.Resources_ru.lproj_QuickTimeEffectsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEffects.Resources_ja.lproj_QuickTimeEffectsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeEffects.Resources_it.lproj_QuickTimeEffectsLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_zh_TW.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_sv.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_ru.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_nb.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_it.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_es.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeCapture.Resources_da.lproj_QuickTimeCaptureLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAuthoring.Resources_fr.lproj_QuickTimeAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAuthoring.Resources_es.lproj_QuickTimeAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAuthoring.Resources_da.lproj_QuickTimeAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAudioSupport.Resources_zh_TW.lproj_QuickTimeAudioSupportLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAudioSupport.Resources_sv.lproj_QuickTimeAudioSupportLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAudioSupport.Resources_nb.lproj_QuickTimeAudioSupportLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTimeAudioSupport.Resources_it.lproj_QuickTimeAudioSupportLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPPAuthoring.Resources_zh_TW.lproj_QuickTime3GPPAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPPAuthoring.Resources_sv.lproj_QuickTime3GPPAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPPAuthoring.Resources_da.lproj_QuickTime3GPPAuthoringLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_zh_TW.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_sv.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_pl.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_nb.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_fr.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_es.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime3GPP.Resources_da.lproj_QuickTime3GPPLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime.Resources_zh_TW.lproj_QuickTimeLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime.Resources_ru.lproj_QuickTimeLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][QuickTime.Resources_fr.lproj_QuickTimeLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PropPanelHelpers.Resources_zh_TW.lproj_PropPanelHelpersLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PropPanelHelpers.Resources_ja.lproj_PropPanelHelpersLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PictureViewer.Resources_sv.lproj_PictureViewerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PictureViewer.Resources_ko.lproj_PictureViewerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PictureViewer.Resources_ja.lproj_PictureViewerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PictureViewer.Resources_es.lproj_PictureViewerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PictureViewer.Resources_da.lproj_PictureViewerLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PanelHelperBase.Resources_zh_TW.lproj_PanelHelperBaseLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PanelHelperBase.Resources_pl.lproj_PanelHelperBaseLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PanelHelperBase.Resources_it.lproj_PanelHelperBaseLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][PanelHelperBase.Resources_fr.lproj_PanelHelperBaseLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_zh_TW.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_ru.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_pl.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_ko.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_ja.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_it.lproj_CoreVideoLocalized.qtr]
No C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.55.90.70\QuickTime.msi[unk_0045][CoreVideo.Resources_es.lproj_CoreVideoLocalized.qtr]
smokinells
2009-07-26, 18:37
No C:\Program Files\QuickTime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
No C:\Program Files\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
No C:\Program Files\QuickTime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
No C:\Program Files\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
No C:\Program Files\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
No C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeImageLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeMPEGLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeMPEG4Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeMPEG4Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\sv.lproj\QuickTimeQD3DLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeStreamingAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr
No C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr
No C:\Program Files\QuickTime\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr
;=
VULNERABILITIES
Id Severity Description
;==============================
108742 MEDIUM MS06-006
;==============================
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt
You can also delete any logs we have produced, and empty your Recycle bin.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'