SDMFdeeger

  1. My computer does seem to be running faster than it has in a while - could be my imagination though lol
  2. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:21:12 PM, on 11/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\notepad.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe C:\Program Files\Cerberus\Cerberus.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/ N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - 
Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109 O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: ZKMP - Unknown owner - C:\DOCUME~1\Deege\LOCALS~1\Temp\ZKMP.exe (file missing) -- End of file - 6690 bytes
  3. Also, when I started Internet Explorer, it gave me some warning saying that the system had recovered from a serious error (probably had to do with the attempted delete of that index.dat file maybe?)
  4. ========== PROCESSES ==========
     Process explorer.exe killed successfully.
     ========== FILES ==========
     C:\WINDOWS\system32\drivers\moved\TMPassthru.sys moved successfully.
     C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.
     C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe moved successfully.
     ========== COMMANDS ==========
     User's Temp folder emptied.
     User's Temporary Internet Files folder emptied.
     User's Internet Explorer cache folder emptied.
     Local Service Temp folder emptied.
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     Local Service Temporary Internet Files folder emptied.
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_798.dat scheduled to be deleted on reboot.
     Windows Temp folder emptied.
     Java cache emptied.
     FireFox cache emptied.
     Temp folders emptied.
     Explorer started successfully

     OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11122008_191256

     Files moved on Reboot...
     File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
     File C:\WINDOWS\temp\Perflib_Perfdata_798.dat not found!
  5. The reason that this file below is in the directory /moved/ is because I moved 3 files that I suspected may be re-creating problem files into that directory. C:\WINDOWS\system32\drivers\moved\TMPassthru.sys
  6. # version=4
     # OnlineScanner.ocx=1.0.0.56
     # OnlineScannerDLLA.dll=1, 0, 0, 51
     # OnlineScannerDLLW.dll=1, 0, 0, 51
     # OnlineScannerUninstaller.exe=1, 0, 0, 49
     # vers_standard_module=3602 (20081111)
     # vers_arch_module=1.064 (20080214)
     # vers_adv_heur_module=1.066 (20070917)
     # EOSSerial=aa1c40cf4095634183a71abf3849a6c6
     # end=finished
     # remove_checked=false
     # unwanted_checked=true
     # utc_time=2008-11-11 03:37:31
     # local_time=2008-11-11 10:37:31 (-0500, Eastern Standard Time)
     # country="United States"
     # osver=5.1.2600 NT Service Pack 3
     # scanned=462888
     # found=7
     # scan_time=5040
     C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe Win32/Adware.UCmore application C86B34078C12A472F5C1933EEA714B7A
     C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\overnet0.52.exe
  7. I don't have any antivirus programs installed, because quite frankly, they bug me. They usually tend to slow down my computer and bother me more than viruses do LOL (But I do use online scanners very frequently), not to mention Malwarebytes, Spybot, Adaware, etc. I will run these scanners and post these logs in a few mins.
  8. ComboFix 08-11-05.02 - Deege 2008-11-06 2:02:53.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639 [GMT -5:00] Running from: c:\documents and settings\Deege\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))) . 2008-11-06 01:50 . 2008-11-06 01:55 <DIR> d-------- c:\program files\XoftSpySE 2008-11-06 01:38 . 2008-11-06 01:38 <DIR> d-------- c:\windows\system32\drivers\moved 2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\documents and settings\Deege\Application Data\SUPERAntiSpyware.com 2008-11-06 00:25 . 2008-11-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-06 00:25 . 2008-11-06 00:25 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-06 00:14 . 2008-11-06 00:14 <DIR> d-------- c:\program files\CCleaner 2008-11-06 00:04 . 2008-11-06 01:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater 2008-11-03 03:17 . 2008-09-06 15:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2008-11-03 03:17 . 2008-09-06 15:09 57,344 --a------ c:\windows\system32\QuickTime.qts 2008-11-03 02:32 . 2008-11-03 03:17 <DIR> d-------- c:\program files\QuickTime Alternative 2008-10-26 02:11 . 2008-10-26 02:19 <DIR> d-------- c:\program files\EsetOnlineScanner 2008-10-26 02:08 . 2008-10-26 02:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2008-10-25 19:56 . 2003-06-25 15:05 266,360 --a------ c:\windows\system32\TweakUI.exe 2008-10-25 19:56 . 2002-06-21 14:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf 2008-10-25 19:42 . 2008-10-25 19:42 <DIR> d-------- c:\documents and settings\Administrator.DEEGER\Application Data\Malwarebytes 2008-10-25 19:34 . 
2008-10-25 19:34 0 --a------ c:\windows\system32\SEF 2008-10-25 05:08 . 2008-10-25 05:08 <DIR> d-------- c:\program files\Sophos 2008-10-25 05:01 . 2008-10-25 19:51 250 --a------ c:\windows\gmer.ini 2008-10-24 04:25 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-21 18:42 . 2008-10-21 18:42 0 --a------ c:\windows\system32\CIYZYF 2008-10-21 18:39 . 2008-10-21 18:39 0 --a------ c:\windows\system32\ERRYNGLEYNC 2008-10-21 10:54 . 2008-10-21 15:43 7 --a------ c:\windows\system32\axt.bin 2008-10-21 10:34 . 2008-10-21 10:34 8,576 --a------ c:\windows\system32\drivers\TMPassthru.sys 2008-10-21 10:34 . 2008-10-21 10:34 664 --a------ c:\windows\system32\adr95.bin 2008-10-16 03:10 . 2008-10-16 03:10 <DIR> d-------- c:\program files\coverXP 2008-10-15 20:51 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-15 20:50 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-15 20:50 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-15 20:50 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-15 20:50 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-15 20:50 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-06 06:07 --------- d-----w c:\program files\Common Files\Adobe 2008-11-06 06:06 --------- d-----w c:\program files\Google 2008-11-06 05:25 --------- d-----w c:\program files\Java 2008-11-06 05:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-06 05:21 --------- d-----w c:\program files\GetRight 2008-11-06 05:21 --------- d-----w c:\documents and settings\Deege\Application Data\ImgBurn 2008-11-06 05:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-06 05:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-05 07:13 --------- d-----w c:\documents and settings\Deege\Application Data\dvdcss 2008-11-03 08:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-11-03 07:54 --------- d-----w c:\program files\Apple Software Update 2008-11-03 07:36 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity 2008-11-03 07:32 --------- d-----w c:\documents and settings\Deege\Application Data\Apple Computer 2008-10-30 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2008-10-25 09:56 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-10-25 09:20 --------- d-----w c:\program files\Soulseek 2008-10-22 20:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 20:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-10-18 06:13 --------- d-----w c:\documents and settings\Deege\Application Data\Vso 2008-10-17 08:03 --------- d-----w c:\program files\mIRC 2008-10-05 06:54 --------- d-----w c:\program files\DVDFab 5 2008-10-05 06:47 --------- d-----w c:\program files\DVDFab Platinum 3 2008-10-05 06:46 87,608 ----a-w c:\documents and settings\Deege\Application Data\ezpinst.exe 2008-10-05 06:46 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-10-05 06:46 47,360 ----a-w c:\documents and 
settings\Deege\Application Data\pcouffin.sys 2008-10-04 21:08 --------- d-----w c:\documents and settings\Deege\Application Data\DVD Flick 2008-09-29 06:44 --------- d-----w c:\program files\MSN Messenger 2008-09-29 05:37 --------- d-----w c:\documents and settings\Deege\Application Data\Media Player Classic 2008-09-17 05:47 --------- d-----w c:\program files\Common Files\Ahead 2008-09-17 05:47 --------- d-----w c:\program files\Ahead 2008-09-17 05:29 --------- d-----w c:\documents and settings\All Users\Application Data\zozqrebg 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-15 02:32 --------- d--h--w c:\program files\InstallShield Installation Information 2008-09-14 12:21 --------- d-----w c:\program files\Trend Micro 2008-09-14 12:12 --------- d-----w c:\program files\FTP Explorer 2008-09-14 11:55 --------- d-----w c:\documents and settings\Deege\Application Data\GlobalSCAPE 2008-09-14 11:53 --------- d-----w c:\program files\GlobalSCAPE 2008-09-14 08:18 --------- d-----w c:\program files\SmartFTP Client 2.0 Setup Files 2008-09-13 08:00 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys 2008-09-13 01:56 --------- d-----w c:\documents and settings\Deege\Application Data\Malwarebytes 2008-09-13 01:56 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2008-09-13 00:51 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe 2005-12-14 06:13 36 ----a-w c:\documents and settings\Deege\klextlock.dat 2002-04-16 15:26 333 ----a-w c:\program files\about 2002-04-16 14:35 195,072 ----a-w c:\program files\lame.exe 2002-04-16 14:35 145,920 ----a-w c:\program files\lame_enc.dll 2002-01-22 05:24 25,632 ----a-w c:\program files\USAGE 2002-01-22 
05:19 1,801 ----a-w c:\program files\README 2001-02-05 10:56 707 ----a-w c:\program files\LICENSE 2000-03-08 12:37 30 ----a-w c:\program files\FILE_ID.DIZ 1999-11-24 17:40 25,292 ----a-w c:\program files\COPYING 2008-06-21 06:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062120080622\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-26_ 3.46.52.98 ))))))))))))))))))))))))))))))))))))))))) . - 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-11-06 06:06:45 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe + 2008-11-03 07:53:13 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe + 2008-11-06 06:08:20 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe + 2008-11-06 05:25:53 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-11-06 05:25:53 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2000-08-31 12:00:00 28,672 ----a-w 
c:\windows\NIRCMD.exe + 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe - 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe - 2007-09-25 03:30:28 135,168 ----a-w c:\windows\system32\java.exe + 2008-11-06 05:25:12 144,792 ----a-w c:\windows\system32\java.exe - 2007-09-25 03:30:30 135,168 ----a-w c:\windows\system32\javaw.exe + 2008-11-06 05:25:12 144,792 ----a-w c:\windows\system32\javaw.exe - 2007-09-25 04:31:42 139,264 ----a-w c:\windows\system32\javaws.exe + 2008-11-06 05:25:12 148,888 ----a-w c:\windows\system32\javaws.exe - 2008-06-21 06:20:32 63,528 ----a-w c:\windows\system32\perfc009.dat + 2008-11-03 07:56:14 63,528 ----a-w c:\windows\system32\perfc009.dat - 2008-06-21 06:20:32 406,328 ----a-w c:\windows\system32\perfh009.dat + 2008-11-03 07:56:14 406,328 ----a-w c:\windows\system32\perfh009.dat + 2008-11-06 06:42:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_770.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384] c:\documents and settings\Deege\Start Menu\Programs\Startup\ Shortcut to Cerberus.exe.lnk - c:\program files\Cerberus\Cerberus.exe [2006-09-11 3481600] c:\documents and settings\All Users\Start Menu\Programs\Startup\ FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe [2007-03-09 1069056] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TMPassthru.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Cerberus FTP Server.lnk] path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Cerberus FTP Server.lnk backup=c:\windows\pss\Cerberus FTP Server.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk] path=c:\documents and settings\Deege\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk backup=c:\windows\pss\GetRight - Tray Icon.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Shortcut to Cerberus.exe.lnk] 
path=c:\documents and settings\Deege\Start Menu\Programs\Startup\Shortcut to Cerberus.exe.lnk backup=c:\windows\pss\Shortcut to Cerberus.exe.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gkityqda] c:\documents and settings\Deege\My Documents\?ymbols\t?skmgr.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a------ 2004-08-10 10:37 61440 c:\program files\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM] --a------ 2004-04-10 22:51 144896 c:\progra~1\AIM\DeadAIM.ocm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 16:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] --a------ 2007-03-15 14:57 1033800 c:\program files\Kontiki\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] --a------ 2007-12-18 20:47 8720384 c:\program files\MySpace\IM\MySpaceIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-01-20 
02:05 217088 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 02:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwPrnMon] -ra------ 2005-09-29 14:20 548864 c:\program files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-08-12 04:23 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr] --a------ 2005-02-16 23:03 106496 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] --a------ 2005-05-04 16:51 282624 c:\program files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] --a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "IDriverT"=3 (0x3) "iPodService"=3 (0x3) "ZuneNetworkSvc"=3 (0x3) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "usnjsvc"=3 (0x3) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Cerberus\\Cerberus.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\ICQ\\Icq.exe"= "c:\\Program Files\\SmartFTP\\SmartFTP.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Direct Connect\\Direct Connect.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Team MediaPortal\\MediaPortal\\MediaPortal.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= R1 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-10-21 8576] R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2004-10-04 75925] R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe 
[2008-11-06 152984] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2004-10-04 36423] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2004-10-04 10005] R3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys [2002-06-13 149256] S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5.tmp [ ] S3 pae_1394;pae_1394;c:\windows\system32\Drivers\pae_1394.sys [2005-06-09 111616] S3 pae_avs;pae_avs;c:\windows\system32\Drivers\pae_avs.sys [2005-06-09 27136] S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446] S4 BTDZ;BTDZ;c:\docume~1\Deege\LOCALS~1\Temp\BTDZ.exe [ ] S4 NFSTE;NFSTE;c:\docume~1\Deege\LOCALS~1\Temp\NFSTE.exe [ ] S4 QBQKRDDKN;QBQKRDDKN;c:\docume~1\Deege\LOCALS~1\Temp\QBQKRDDKN.exe [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Setup.exe -auto . Contents of the 'Scheduled Tasks' folder 2008-11-06 c:\windows\Tasks\859B293E9A10D756.job - c:\docume~1\deege\applic~1\2comp~1\roam vc mfcd.exe [] 2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Deege\Application Data\Mozilla\Firefox\Profiles\8kqe0byr.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 02:06:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\5.tmp" . 
Completion time: 2008-11-06 2:12:10 ComboFix-quarantined-files.txt 2008-11-06 07:11:08 ComboFix2.txt 2008-10-26 07:47:48 Pre-Run: 53,312,679,936 bytes free Post-Run: 53,318,746,112 bytes free 279 --- E O F --- 2008-10-25 07:01:15 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:13:08 AM, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\BitTornado\btdownloadgui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/ N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe O4 - Global Startup: FirePod Control Panel.lnk = C:\Program 
Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109 O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ZKMP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Deege\LOCALS~1\Temp\ZKMP.exe

-- End of file - 6491 bytes
  9. GMER does not warn me of rootkit activity - however, after a minute or two into the rootkit scan, my computer automatically restarts itself with no warning. I tried it twice - the 2nd time it restarted right around the time it was scanning the /devices/
  10. I am going to do this in several steps so I can do one tool at a time. Here is the log.txt and info.txt from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Deege at 2008-11-08 14:35:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (38%) free of 131 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:29 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deege\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Deege.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/
N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe O8 - Extra context menu item: &ieSpell Options - 
res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109 O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- End of file - 6327 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\859B293E9A10D756.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Deege.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Deege.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-06 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-06 136600] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe [2004-08-10 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM] C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-04-10 144896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gkityqda] C:\Documents and Settings\Deege\My Documents\?ymbols\t?skmgr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] C:\Program Files\Kontiki\KHost.exe [2007-03-15 1033800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-12-18 8720384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwPrnMon] C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe [2005-09-29 548864] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-12 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2005-02-16 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Adobe Gamma.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Cerberus FTP Server.lnk] C:\Documents and Settings\Deege\Application Data\Microsoft\Installer\{5C635813-A908-4F35-9699-A30F34DCF7A9}\_5D784EEFB0D8F564BDBC41.exe [2007-01-27 90126] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk] C:\PROGRA~1\GetRight\getright.exe [2004-03-24 2121728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Deege^Start Menu^Programs^Startup^Shortcut to Cerberus.exe.lnk] C:\PROGRA~1\Cerberus\Cerberus.exe [2006-09-11 3481600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "IDriverT"=3 "iPodService"=3 "ZuneNetworkSvc"=3 "iPod Service"=3 "Apple Mobile Device"=2 "WMPNetworkSvc"=3 "usnjsvc"=3 "Adobe LM Service"=3 C:\Documents and Settings\All Users\Start Menu\Programs\Startup FirePod Control Panel.lnk - C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe C:\Documents and Settings\Deege\Start Menu\Programs\Startup Shortcut 
to Cerberus.exe.lnk - C:\Program Files\Cerberus\Cerberus.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TMPassthru.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TMPassthru.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "C:\Program Files\Cerberus\Cerberus.exe"="C:\Program Files\Cerberus\Cerberus.exe:*:Enabled:Cerberus FTP Server Application" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server" "C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ" "C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Direct Connect\Direct Connect.exe"="C:\Program Files\Direct Connect\Direct Connect.exe:*:Enabled:Direct Connect" "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" "C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service" "C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe"="C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe:*:Disabled: " "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe"="C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine" "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\Setup.exe -auto ======File associations====== .js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2008-11-08 14:35:20 ----D---- C:\rsit 2008-11-07 17:55:43 ----D---- C:\WINDOWS\LastGood 
2008-11-06 10:58:58 ----SHD---- C:\RECYCLER 2008-11-06 02:12:12 ----A---- C:\ComboFix.txt 2008-11-06 01:50:59 ----D---- C:\Program Files\XoftSpySE 2008-11-06 01:42:31 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-06 00:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-06 00:25:50 ----D---- C:\Program Files\SUPERAntiSpyware 2008-11-06 00:25:50 ----D---- C:\Documents and Settings\Deege\Application Data\SUPERAntiSpyware.com 2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\java.exe 2008-11-06 00:25:27 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-06 00:14:49 ----D---- C:\Program Files\CCleaner 2008-11-03 02:32:24 ----D---- C:\Program Files\QuickTime Alternative 2008-10-26 02:47:49 ----D---- C:\WINDOWS\temp 2008-10-26 02:11:03 ----D---- C:\Program Files\EsetOnlineScanner 2008-10-26 02:08:52 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-10-26 02:07:09 ----A---- C:\Boot.bak 2008-10-26 02:07:01 ----D---- C:\cmdcons 2008-10-26 02:05:58 ----A---- C:\WINDOWS\zip.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\VFIND.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWSC.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\SWREG.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\sed.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\NIRCMD.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\grep.exe 2008-10-26 02:05:58 ----A---- C:\WINDOWS\fdsv.exe 2008-10-26 02:05:54 ----D---- C:\WINDOWS\ERDNT 2008-10-26 02:05:54 ----D---- C:\Qoobox 2008-10-25 19:56:54 ----A---- C:\WINDOWS\system32\TweakUI.exe 2008-10-25 05:08:56 ----D---- C:\Program Files\Sophos 2008-10-25 05:01:02 ----A---- C:\WINDOWS\gmer.ini 2008-10-25 05:00:49 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-10-25 05:00:49 ----A---- C:\WINDOWS\gmer.exe 2008-10-25 05:00:49 ----A---- 
C:\WINDOWS\gmer.dll 2008-10-18 06:38:30 ----A---- C:\WINDOWS\rinopref.txt 2008-10-16 03:10:12 ----D---- C:\Program Files\coverXP ======List of files/folders modified in the last 1 months====== 2008-11-08 14:35:25 ----D---- C:\WINDOWS\Prefetch 2008-11-08 14:34:26 ----D---- C:\Program Files\Trend Micro 2008-11-08 00:36:27 ----D---- C:\Documents and Settings\Deege\Application Data\dvdcss 2008-11-07 17:58:19 ----HD---- C:\WINDOWS\inf 2008-11-07 17:58:19 ----D---- C:\WINDOWS\system32 2008-11-07 17:58:12 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-07 17:58:12 ----D---- C:\WINDOWS 2008-11-07 17:58:10 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-07 17:55:51 ----D---- C:\WINDOWS\Help 2008-11-07 17:55:43 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-07 08:54:24 ----D---- C:\Program Files\Mozilla Firefox 2008-11-07 08:08:14 ----D---- C:\Temp 2008-11-07 08:08:07 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-07 07:53:42 ----D---- C:\Program Files\Google 2008-11-07 07:53:26 ----D---- C:\WINDOWS\system32\drivers 2008-11-07 07:44:41 ----SD---- C:\WINDOWS\Tasks 2008-11-07 07:44:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-06 10:59:47 ----RD---- C:\Program Files 2008-11-06 10:59:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-06 02:06:43 ----A---- C:\WINDOWS\system.ini 2008-11-06 02:05:06 ----D---- C:\WINDOWS\AppPatch 2008-11-06 02:05:06 ----D---- C:\Program Files\Common Files 2008-11-06 01:40:22 ----D---- C:\WINDOWS\system32\LogFiles 2008-11-06 01:08:22 ----SHD---- C:\WINDOWS\Installer 2008-11-06 01:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-06 01:08:21 ----D---- C:\Config.Msi 2008-11-06 01:07:58 ----D---- C:\Program Files\Common Files\Adobe 2008-11-06 01:07:43 ----D---- C:\Program Files\Adobe 2008-11-06 00:48:22 ----SHD---- C:\System Volume Information 2008-11-06 00:48:22 ----D---- C:\WINDOWS\system32\Restore 2008-11-06 00:25:28 ----D---- C:\Program Files\Common Files\Wise 
Installation Wizard 2008-11-06 00:25:09 ----D---- C:\Program Files\Java 2008-11-06 00:21:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-06 00:21:32 ----D---- C:\Program Files\GetRight 2008-11-06 00:21:32 ----D---- C:\Documents and Settings\Deege\Application Data\ImgBurn 2008-11-06 00:20:42 ----D---- C:\WINDOWS\Debug 2008-11-06 00:20:40 ----D---- C:\WINDOWS\Minidump 2008-11-03 03:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-11-03 02:56:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-03 02:54:46 ----D---- C:\Program Files\Apple Software Update 2008-11-03 02:36:18 ----D---- C:\Documents and Settings\All Users\Application Data\WholeSecurity 2008-11-03 02:32:15 ----D---- C:\Documents and Settings\Deege\Application Data\Apple Computer 2008-10-29 19:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-28 04:56:32 ----D---- C:\Program Files\Xara 2008-10-28 04:56:32 ----D---- C:\Program Files\Windows Media Player 2008-10-28 04:56:31 ----D---- C:\Program Files\Windows Media Connect 2 2008-10-28 04:56:31 ----D---- C:\Program Files\Winamp 2008-10-28 04:56:31 ----D---- C:\Program Files\Waves 2008-10-28 04:56:31 ----D---- C:\Program Files\Wal-Mart Music Downloads Store 2008-10-28 04:56:28 ----D---- C:\Program Files\PC Inspector File Recovery 2008-10-28 04:56:27 ----D---- C:\Program Files\Movie Maker 2008-10-28 04:56:21 ----D---- C:\Program Files\Cerberus 2008-10-28 04:56:21 ----D---- C:\Program Files\Bass Chorus 2008-10-28 04:56:21 ----D---- C:\Program Files\AIM 2008-10-28 04:56:20 ----D---- C:\Program Files\DivX 2008-10-28 04:56:19 ----D---- C:\Program Files\Direct Connect 2008-10-28 04:56:18 ----D---- C:\Program Files\Drumagog40 2008-10-28 04:56:17 ----D---- C:\Program Files\Fx ReSound 2008-10-28 04:56:16 ----D---- C:\Program Files\FLAC 2008-10-28 04:56:14 ----D---- C:\Program Files\Kazaa Lite Revolution 2008-10-28 04:56:13 ----D---- 
C:\Program Files\MicModDX 2008-10-28 04:56:13 ----D---- C:\Program Files\Messenger 2008-10-28 04:56:13 ----D---- C:\Program Files\LiveUpdate 2008-10-28 04:56:13 ----D---- C:\Program Files\LimeWire 2008-10-28 04:56:12 ----D---- C:\Program Files\mobile PhoneTools 2008-10-28 04:56:12 ----D---- C:\Program Files\MKVtoolnix 2008-10-28 04:56:12 ----D---- C:\Program Files\ICQ 2008-10-28 04:56:09 ----AD---- C:\Program Files\ACM 2008-10-26 02:36:02 ----D---- C:\WINDOWS\system32\config 2008-10-26 02:07:09 ----RASH---- C:\boot.ini 2008-10-25 04:20:03 ----D---- C:\Program Files\Soulseek 2008-10-25 02:00:25 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-21 15:24:35 ----A---- C:\WINDOWS\win.ini 2008-10-18 01:13:17 ----D---- C:\Documents and Settings\Deege\Application Data\Vso 2008-10-17 03:03:08 ----D---- C:\Program Files\mIRC 2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll 2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll 2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll 2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll 2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe 2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll 2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui 2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui 2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll 2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll 2008-10-16 02:46:19 ----D---- C:\Program Files\Internet Explorer 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-09 22:16:58 ----D---- C:\My Music ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760] R1 GEARAspiWDM;GEAR CDRom Filter; 
C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512] R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 75925] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 36423] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10005] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ews88mt;EWS88 WDM Audio; C:\WINDOWS\system32\drivers\ews88wdm.sys [2002-06-13 149256] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-05 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368] R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 
usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2001-09-10 42880] R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912] R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392] S1 HWIONT;HWIONT; \??\C:\DOCUME~1\Deege\LOCALS~1\Temp\Rar$EX00.016\HWIONT.sys [] S1 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Sandra.sys [] S1 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys [] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-25 85969] S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5.tmp [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648] S3 pae_1394;pae_1394; C:\WINDOWS\System32\Drivers\pae_1394.sys [2005-06-09 111616] S3 pae_avs;pae_avs; C:\WINDOWS\System32\Drivers\pae_avs.sys [2005-06-09 27136] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672] S3 
UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248] S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-06 152984] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-15 72704] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device 
Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] S4 BNNQWP;BNNQWP; C:\DOCUME~1\Deege\LOCALS~1\Temp\BNNQWP.exe [2008-11-06 498560] S4 BTDZ;BTDZ; C:\DOCUME~1\Deege\LOCALS~1\Temp\BTDZ.exe [] S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-03-15 3069512] S4 NFSTE;NFSTE; C:\DOCUME~1\Deege\LOCALS~1\Temp\NFSTE.exe [] S4 QBQKRDDKN;QBQKRDDKN; C:\DOCUME~1\Deege\LOCALS~1\Temp\QBQKRDDKN.exe [] S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016] S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-11-08 14:35:32 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ac3Tool (remove only)-->"C:\Program Files\BlackSunSoft.net\Ac3Tool\uninstall-Ac3Tool.EXE" Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Audition 1.0-->MsiExec.exe /I{81E76DE9-BBCB-449C-91BB-6E4E5436D496} Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC} Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102} Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 
8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe" AmpegSVX-->C:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly AmpliTube2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB6691DA-66D3-412E-9853-641CF7D0C35A}\Setup.exe" -l0x9 uninstall Antares Autotune DX v4.12-->C:\PROGRA~1\Antares\AUTOTU~1\ANTARE~1\UNWISE.EXE C:\PROGRA~1\Antares\AUTOTU~1\ANTARE~1\INSTALL.LOG Antares Microphone Modeler 1.31 DirectX-->C:\PROGRA~1\MicModDX\UNWISE.EXE C:\PROGRA~1\MicModDX\INSTALL.LOG AOL HI-Q Video-->C:\Program Files\Kontiki\HiQUninstaller.exe AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Axialis AX CDPlayer 2.6-->C:\Program Files\Axialis\AXCDPlayer\UnInstall.exe "AXCDPlayer" "AXCDPlay.exe" BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG BBE Sonic Maximizer Plugin-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BBE\BBE Sonic Maximizer Plugin\Uninst.isu" BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe Canon IXY 300a, PowerShot S330, IXUS 330 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EC801A21-7DDA-4730-ADCF-ADD403C405A7} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe" Cerberus FTP Server-->MsiExec.exe 
/I{5C635813-A908-4F35-9699-A30F34DCF7A9} Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe CoreFLAC Audio Decoder+Source Filter (remove only)-->"C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe" Corel Business Applications-->E:\Corel\AppMan\Setup\remove.exe Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B} coverXP (remove only)-->"C:\Program Files\coverXP\cxp-uninst.exe" CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9 DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127} Digital Media Converter 2.57-->"C:\Program Files\Deskshare\Digital Media Converter\unins000.exe" Direct Connect 2.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Direct Connect\irunin.ini" DiscWizard for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe" DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Drumagog 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Drumagog40\irunin.ini" DScaler 4.1.10-->"C:\Program Files\DScaler\unins000.exe" DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe" DVDFab Platinum 3.0.5.0-->"C:\Program Files\DVDFab Platinum 3\unins000.exe" Easy AVI/VCD/DVD/MPEG Converter-->"C:\Program Files\Easy AVI VCD DVD MPEG Converter\unins000.exe" EasyRecovery Professional-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033 
eMule-->"C:\Program Files\eMule\Uninstall.exe" ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe EWS88 MT/D ControlPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70FED6A0-574B-11D4-8398-0800096F616B}\Setup.exe" -uninst EZdrummer-->MsiExec.exe /I{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7} FLAC Installer 1.1.3b (remove only)-->C:\Program Files\FLAC\uninstall.exe FontFrenzy-->MsiExec.exe /X{A52ACD6B-238E-44C8-90B5-C57BA8926C57} Fx ReSound-->C:\PROGRA~1\FXRESO~1\UNWISE.EXE C:\PROGRA~1\FXRESO~1\INSTALL.LOG GetRight-->C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HxD Hex Editor version 1.7.6.3-->"C:\Program Files\HxD\unins000.exe" ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe" IK Multimedia Amplitube DX/VST/RTAS v2.0-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe" InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe InterVideo WinDVR 3-->"C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL IsoBuster 2.0-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} iZotope Ozone DX 
v2.0.1-->C:\PROGRA~1\iZotope\OzoneDX2\UNWISE.EXE C:\PROGRA~1\iZotope\OzoneDX2\INSTALL.LOG Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kazaa Lite Revolution 2.6 English-->"C:\Program Files\Kazaa Lite Revolution\unins000.exe" K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG LimeWire PRO 4.10.0-->"C:\Program Files\LimeWire\uninstall.exe" LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaPortal-->MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 
1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall MKVtoolnix 2.2.0-->C:\Program Files\MKVtoolnix\uninst.exe mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9 Motorola Handset USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe" Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Deege\Application Data\Move Networks\ie_bin\unins000.exe" Mozilla Firefox (2.0.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mpeg2Decoder 1.1-->"C:\Program Files\Mpeg2Decoder\unins000.exe" MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 6.0 Parser (KB933579)-->MsiExec.exe 
/I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Netscape (7.1)-->C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)" Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\STEINB~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\NOMADF~1\INSTALL.LOG Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A} PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9 PE Builder 3.1.10-->"c:\pebuilder3110a\unins000.exe" PHASE 88 ControlPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEF82C7B-A738-4EE2-9600-39895B21506F}\setup.exe" -l0x9 PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" PreSonus 1394 Audio Driver V2.14.25 (FIREPOD)-->C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\uninst.exe Software\PreSonus\1394AudioDriver_FIREPOD\Setup PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7} PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml" PSP VintageWarmer 2.0.0-->"C:\Program Files\PSPaudioware\PSP VintageWarmer 2.0.0\uninstall.exe" "/U:C:\Program Files\PSPaudioware\PSP VintageWarmer 2.0.0\irunin.xml" QuickTime Alternative 2.7.0-->"C:\Program Files\QuickTime Alternative\unins000.exe" 
RapidLeecher-->MsiExec.exe /I{B3940EA5-7872-487E-AF15-CF20DBD65F1B} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Renamer (remove only)-->"C:\Program Files\Renamer\UnInstall.exe" ReValver-->C:\Audio\ReValver\UNWISE.EXE C:\Audio\ReValver\INSTALL.LOG RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe" Riva Producer Lite-->"C:\Program Files\Riva\Riva Producer Lite\unins000.exe" River Past Audio Converter-->C:\WINDOWS\Audio Converter Uninstaller.exe SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 
(KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" 
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1} Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe" Soulseek Client 152-->C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log" SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe" Sowedoo Easy PDF Converter 6.0-->MsiExec.exe /I{91C6161E-1F6E-4907-B37A-27D520BDC070} SpinAudio VSTDX Wrapper 1.0 Demo-->C:\Program Files\Spin Audio\VSTDX Wrapper\wruninst.exe SpinAudio VST-DX Wrapper Lite-->C:\Program Files\Spin Audio\VSTDX Wrapper Lite\wluninst.exe Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins001.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" Steinberg Cubase LE-->"C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log" Steinberg Freefilter v1.2-->C:\PROGRA~1\SPECTR~1\FREEFI~1\UNWISE.EXE C:\PROGRA~1\SPECTR~1\FREEFI~1\INSTALL.LOG Streambox Vcr Suite 2-->"C:\Program Files\StreamboxVcrSuite2\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} SurfOffline (remove only)-->"C:\Program Files\SurfOffline\uninstall.exe" The FilmMachine 1.5.4-->"C:\Program Files\The FilmMachine\unins000.exe" TMPGEnc 4.0 XPress-->MsiExec.exe /I{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86} T-RackS 24 Demo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IK Multimedia\T-RackS 24 Demo\Uninst.isu" T-RackS 24 v2.0.1-->C:\Audio\IKMULT~1\T-RACK~1\UNWISE.EXE C:\Audio\IKMULT~1\T-RACK~1\INSTALL.LOG Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Ulead Straight-to-Disc SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9 Update for Windows XP 
(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" URL Snooper v2.03.08-->"C:\Program Files\URLSnooper2\unins000.exe" V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0 VB:FFX-4 Rack-->C:\Program Files\VB\FFX4\uninst.exe C:\Program Files\VB\FFX4 VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe VOB2MPG 2.3-->MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA} VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe" Wal-Mart Music Downloads Store-->MsiExec.exe /I{DC9E2F1C-CC14-41B0-AFF5-2AFE87B76A1F} Warp VST V1.0-->C:\WARPVS~1.0\UNWISE.EXE C:\WARPVS~1.0\INSTALL.LOG Waves Diamond Bundle v5.0-->C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG Waves Vocal Bundle v1.1-->C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\INSTALL.LOG Web Album Generator 1.6.5-->"C:\Program Files\Web Album Generator\unins000.exe" Web Image Guru, version 5.5.7-->C:\PROGRA~1\VIMAS\WEBIMA~1\UNWISE.EXE C:\PROGRA~1\VIMAS\WEBIMA~1\INSTALL.LOG Winamp-->"C:\Program Files\Winamp\UninstWA.exe" WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe" Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA} Windows Vista Upgrade Advisor-->MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinFast 
Entertainment Center(WDM Driver)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe" WinFast PVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}\setup.exe" WinFast TV USB II(Driver)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F3D1B82-82EE-410B-8BD3-38671F6B64F8}\Setup.exe" -l0x9 -removeonly WinPcap 3.1 beta4-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Xara Dreamweaver Extension 1.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4498655A-94A6-4F12-929B-D8D6DCA5E0AF}\setup.exe" -l0x9 Xara Menu Maker 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{123D74B2-4F4F-4056-8313-5F1C9FEE332E}\setup.exe" Xara Webstyle 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1656A3E-2744-48B2-95EA-52C4A316551B}\setup.exe" -l0x9 Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! 
Photos Print-at-Home Tool-->C:\WINDOWS\unins000.exe ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Support Tools;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------
  11. I actually somehow managed to get rid of it - Malwarebytes never finds it. I ran a program called Avenger which finds rootkits, and can delete files - it found no rootkits and couldn't remove the file since it didn't exist (though it did restart in the middle of checking). Avenger said it didn't do anything - but then every time after that, Malwarebytes no longer finds the problem. Not sure why if Avenger didn't do anything - but somehow, the file is gone!
  12. So for awhile now, Mbam has been finding this one problem, saying I have Rootkit.Agent.H in this one file mrxdavv.sys, and it's always unable to delete the file - it says it will on reboot, but it always finds it again when I rescan. When I search for the file myself, it has never existed. There's a file with one V in the file name, but the file it finds always has 2 V's before the .sys extension. I saw a few other threads that got closed (and never fully solved) in the past with people with similar problems, but I've never seen a solution. Was this ever figured out whether or not it was a false positive?

      Malwarebytes' Anti-Malware 1.30
      Database version: 1367
      Windows 5.1.2600 Service Pack 3

      11/7/2008 7:41:10 AM
      mbam-log-2008-11-07 (07-41-10).txt

      Scan type: Quick Scan
      Objects scanned: 65512
      Time elapsed: 9 minute(s), 53 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.

Here's a Hijackthis log: Logfile of HijackThis v1.99.0 Scan saved at 8:16:25 AM, on 11/7/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe C:\Program Files\Cerberus\Cerberus.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Deege\Desktop\Deege's Stuff\Programs\tools\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mms.beer.com/ N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\DEEGE\\APPLICATION DATA\\Mozilla\\Profiles\\default\\ivskorpv.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\Deege\\Desktop"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage", "http://home.netscape.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.4"); user_pref("browser.turbo.showDialog", true); user_pref("editor.history_title_0", "www.SDMFworldwide.com ~ View topic - T O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - Startup: Shortcut to Cerberus.exe.lnk = C:\Program Files\Cerberus\Cerberus.exe O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREPOD\FIREPOD.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download with 
GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163579087109 O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe