pdukey Posted November 27, 2009 Author ID:162979 Share Posted November 27, 2009 ComboFix 09-11-26.02 - Thomas Family 11/27/2009 10:14.4.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.222 [GMT -5:00]Running from: c:\documents and settings\Thomas Family\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Thomas Family\Desktop\CFScript.txtAV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..--------------- FCopy ---------------c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys.((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 ))))))))))))))))))))))))))))))).2009-11-26 14:06 . 2009-11-06 13:28 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll2009-11-26 14:06 . 2009-11-03 14:15 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe2009-11-26 14:06 . 2009-11-03 14:15 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe2009-11-25 14:44 . 2009-11-25 14:44 411368 ----a-w- c:\windows\system32\deploytk.dll2009-11-25 14:05 . 2009-11-25 14:05 -------- d-sh--w- c:\documents and settings\Thomas Family\PrivacIE2009-11-25 14:05 . 2009-11-25 14:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-11-25 14:01 . 2009-11-25 14:01 -------- d-sh--w- c:\documents and settings\Thomas Family\IETldCache2009-11-25 13:57 . 2009-11-26 08:04 -------- d-----w- c:\windows\ie8updates2009-11-25 13:52 . 2009-11-25 13:54 -------- dc-h--w- c:\windows\ie82009-11-25 13:48 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll2009-11-25 13:47 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll2009-11-25 13:47 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2009-11-25 13:47 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2009-11-25 13:47 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll2009-11-25 13:47 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll2009-11-25 13:47 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll2009-11-22 23:19 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll2009-11-22 23:19 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll2009-11-21 01:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe2009-11-21 01:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe2009-11-17 13:40 . 2009-11-17 13:41 -------- d-----w- C:\rsit2009-10-30 20:08 . 2009-10-30 20:08 -------- d-----w- c:\program files\Trend Micro2009-10-30 18:58 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-10-30 18:58 . 2009-10-30 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2009-10-30 18:58 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-10-28 21:31 . 2009-10-28 21:31 -------- d-----w- c:\program files\Enigma Software Group.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-11-26 21:54 . 2007-01-10 20:30 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000007-00001102-00000002-80221102}.dat2009-11-26 21:54 . 2007-01-10 20:30 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000007-00001102-00000002-80221102}.dat2009-11-25 14:44 . 2007-07-18 01:31 -------- d-----w- c:\program files\Java2009-11-25 14:39 . 2007-01-17 12:28 -------- d-----w- c:\program files\Common Files\Adobe2009-10-28 11:01 . 2009-07-29 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-16 11:51 . 2009-10-16 11:51 -------- d-----w- c:\documents and settings\Thomas Family\Application Data\Amazon2009-10-16 11:50 . 2009-10-16 11:50 -------- d-----w- c:\program files\Amazon2009-10-04 15:24 . 2007-01-08 17:58 46896 -c--a-w- c:\documents and settings\Thomas Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-25 19:35 . 2009-09-25 19:35 131072 ----a-w- c:\documents and settings\Thomas Family\Application Data\Netscape\Plugins\npPxPlay.dll2009-09-25 19:35 . 2009-09-25 19:35 131072 ----a-w- c:\documents and settings\Thomas Family\Application Data\Mozilla\Plugins\npPxPlay.dll2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll2009-09-11 12:11 . 2007-01-08 17:10 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll2006-05-03 09:06 . 2007-08-29 15:51 163328 --sh--r- c:\windows\system32\flvDX.dll2007-02-21 10:47 . 2007-08-29 15:51 31232 -csh--r- c:\windows\system32\msfDX.dll.((((((((((((((((((((((((((((( SnapShot@2009-11-21_01.30.22 ))))))))))))))))))))))))))))))))))))))))).+ 2009-11-27 01:41 . 2009-11-27 01:41 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe+ 2007-01-08 17:43 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe+ 2009-07-04 07:01 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll+ 2002-09-03 16:52 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll- 2002-09-03 16:51 . 2009-11-21 01:29 71060 c:\windows\system32\perfc009.dat+ 2002-09-03 16:51 . 2009-11-27 01:45 71060 c:\windows\system32\perfc009.dat+ 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll+ 2002-09-03 16:44 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll+ 2002-09-03 16:44 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll+ 2002-09-03 16:44 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe+ 2009-03-08 09:31 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe+ 2009-03-08 09:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll+ 2002-09-03 16:39 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll+ 2002-09-03 16:37 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll+ 2002-09-03 16:35 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll+ 2002-09-03 16:35 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe+ 2002-09-03 16:35 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll+ 2002-09-03 16:35 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe+ 2009-03-08 09:34 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll+ 2009-03-08 09:33 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll+ 2009-03-08 09:24 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll+ 2009-03-08 09:33 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll+ 2002-09-03 16:27 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys+ 2009-03-08 09:32 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll+ 2002-09-03 16:29 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll- 2007-01-08 17:13 . 2009-11-21 01:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat+ 2007-01-08 17:13 . 2009-11-27 01:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat+ 2007-01-08 17:13 . 2009-11-27 01:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2007-01-08 17:13 . 2009-11-21 01:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat+ 2007-01-08 17:13 . 2009-11-27 01:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat- 2007-01-08 17:13 . 2009-11-21 01:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat+ 2002-09-03 16:26 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll+ 2009-11-25 08:01 . 2009-11-25 08:01 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe- 2009-10-20 07:02 . 2009-10-20 07:02 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe+ 2009-11-21 08:07 . 2009-11-21 08:07 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe+ 2009-11-25 13:57 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll+ 2009-11-25 13:57 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll+ 2009-11-25 13:57 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 37888 c:\windows\ie8\url.dll+ 2009-11-25 13:54 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll+ 2009-11-25 13:52 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe+ 2009-11-25 13:52 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe+ 2009-11-25 13:52 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll+ 2009-11-25 13:52 . 2009-09-25 05:37 81920 c:\windows\ie8\ieencode.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe+ 2009-11-25 13:52 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll+ 2009-11-25 13:58 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll- 2008-08-27 20:59 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll+ 2008-08-27 20:59 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll+ 2002-09-03 17:12 . 2009-08-29 08:08 916480 c:\windows\system32\wininet.dll+ 2009-03-08 09:34 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe+ 2002-09-03 17:11 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll+ 2002-09-03 17:09 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll+ 2002-09-03 17:08 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll+ 2002-09-03 16:52 . 2009-11-27 01:45 441124 c:\windows\system32\perfh009.dat- 2002-09-03 16:52 . 2009-11-21 01:29 441124 c:\windows\system32\perfh009.dat+ 2002-09-03 16:50 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll+ 2002-09-03 16:46 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll+ 2002-09-03 16:46 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll+ 2002-09-03 16:45 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll+ 2009-03-08 09:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll+ 2002-09-03 16:37 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll+ 2009-11-25 14:44 . 2009-11-25 14:44 149280 c:\windows\system32\javaws.exe+ 2009-11-25 14:44 . 2009-11-25 14:44 145184 c:\windows\system32\javaw.exe+ 2009-11-25 14:44 . 2009-11-25 14:44 145184 c:\windows\system32\java.exe+ 2009-03-08 09:22 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll+ 2002-09-03 16:35 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll+ 2002-09-03 16:34 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll+ 2009-03-08 09:11 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll+ 2002-09-03 16:34 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll+ 2002-09-03 16:34 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll+ 2002-09-03 16:34 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll+ 2002-09-03 16:34 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe+ 2007-01-08 11:59 . 2009-11-21 08:25 186608 c:\windows\system32\FNTCACHE.DAT- 2007-01-08 11:59 . 2009-10-07 11:44 186608 c:\windows\system32\FNTCACHE.DAT+ 2002-09-03 16:32 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll+ 2002-09-03 16:32 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll+ 2008-04-21 06:44 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll+ 2009-03-08 09:34 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll+ 2009-03-08 09:33 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll+ 2009-03-08 09:34 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll+ 2009-03-08 09:34 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll+ 2009-03-08 09:34 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll+ 2002-09-03 16:45 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll+ 2009-09-11 20:38 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll+ 2009-03-08 19:09 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe+ 2009-03-08 09:31 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll+ 2009-03-08 19:09 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll+ 2002-09-03 16:34 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll+ 2009-03-08 09:33 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll+ 2009-03-08 09:33 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll+ 2009-03-08 09:32 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe+ 2009-03-08 09:31 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll+ 2009-03-08 09:31 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll+ 2009-03-08 09:32 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll+ 2009-11-25 14:05 . 2009-11-27 01:40 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat+ 2002-09-03 16:27 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll+ 2009-11-25 08:01 . 2009-11-25 08:01 429568 c:\windows\Installer\4f6138e.msi+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL+ 2009-11-26 08:04 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll+ 2009-11-26 08:04 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe+ 2009-11-25 13:58 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll+ 2009-11-25 13:58 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe+ 2009-11-25 13:57 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll+ 2009-11-25 13:57 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll+ 2009-11-25 13:57 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe+ 2009-11-25 13:57 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll+ 2009-11-25 13:57 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll+ 2009-11-25 13:57 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll+ 2009-11-25 13:57 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll+ 2009-11-25 13:57 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll+ 2009-11-25 13:57 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe+ 2009-11-26 08:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll+ 2009-11-26 08:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe+ 2009-11-26 08:03 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll+ 2009-11-25 13:52 . 2009-09-25 05:37 667136 c:\windows\ie8\wininet.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll+ 2009-11-25 13:52 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll+ 2009-11-25 13:52 . 2009-09-25 05:37 627712 c:\windows\ie8\urlmon.dll+ 2009-11-25 13:54 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll+ 2009-11-25 13:54 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe+ 2009-11-25 13:52 . 2008-04-14 00:12 532480 c:\windows\ie8\mstime.dll+ 2009-11-25 13:52 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll+ 2009-11-25 13:52 . 2002-09-03 16:45 146432 c:\windows\ie8\msls31.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 449024 c:\windows\ie8\mshtmled.dll+ 2009-11-25 13:52 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 251904 c:\windows\ie8\iepeers.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll+ 2009-11-25 13:52 . 2002-09-03 16:34 221184 c:\windows\ie8\ieakui.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll+ 2009-11-25 13:52 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll+ 2002-09-03 17:11 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys+ 2002-09-03 17:08 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll+ 2008-08-30 00:06 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll+ 2002-09-03 16:46 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll+ 2002-09-03 16:44 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll+ 2009-03-08 09:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll+ 2009-02-07 02:07 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat+ 2008-10-15 02:23 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys+ 2008-06-26 08:15 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll+ 2008-08-27 20:58 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll+ 2006-09-13 05:01 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll+ 2008-04-21 06:44 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll+ 2009-08-18 17:58 . 2009-08-18 17:58 8301056 c:\windows\Installer\1771fb1.msp+ 2009-11-25 14:44 . 2009-11-25 14:44 1757696 c:\windows\Installer\173b66.msi+ 2009-11-25 14:40 . 2009-11-25 14:40 3940352 c:\windows\Installer\173b5f.msi+ 2009-11-26 08:04 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll+ 2009-11-25 13:57 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll+ 2009-11-25 13:57 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll+ 2009-11-25 13:57 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll+ 2009-11-25 13:52 . 2009-10-19 23:53 3070976 c:\windows\ie8\mshtml.dll+ 2009-11-21 08:04 . 2009-11-05 14:36 26768832 c:\windows\system32\MRT.exe+ 2009-03-08 09:39 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll+ 2009-04-04 12:35 . 2009-04-04 12:35 38325760 c:\windows\Installer\1771fa8.msp+ 2009-11-25 13:57 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Ulead Quick-Drop"="c:\program files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe WINDOWCALL" [X]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]"Ulead Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]2009-08-22 13:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Program Files\\AVG\\AVG8\\avgupd.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Photodex\\ProShowGold\\proshow.exe"=R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/11/2009 5:16 PM 28544]R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2009 12:19 PM 335240]R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/29/2009 12:18 PM 297752]..------- Supplementary Scan -------.uStart Page = www.hotmail.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.htmlIE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.htmlDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-11-27 10:39Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.netdevice: opened successfullyuser: MBR read successfullycalled modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82BA1E07]<< kernel: MBR read successfullydetected MBR rootkit hooks:\Driver\Disk -> CLASSPNP.SYS @ 0xf85baf28\Driver\ACPI -> ACPI.sys @ 0xf852dcb8\Driver\atapi -> atapi.sys @ 0xf84e5852IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15NDIS: CNet PRO200WL PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf83dfbd4 PacketIndicateHandler -> NDIS.sys @ 0xf83eba21 SendHandler -> NDIS.sys @ 0xf83dfd44user & kernel MBR OK **************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(492)c:\windows\system32\WININET.dll- - - - - - - > 'lsass.exe'(552)c:\windows\system32\WININET.dll- - - - - - - > 'explorer.exe'(2396)c:\windows\system32\WININET.dllc:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-11-27 10:53ComboFix-quarantined-files.txt 2009-11-27 15:53ComboFix2.txt 2009-11-24 00:29ComboFix3.txt 2009-11-23 12:50ComboFix4.txt 2009-11-21 01:44Pre-Run: 5,619,855,360 bytes freePost-Run: 5,676,503,040 bytes free- - End Of File - - 705C7C458548644D5C97B50D480F71F6 Link to post Share on other sites More sharing options...
pdukey Posted November 27, 2009 Author ID:163020 Share Posted November 27, 2009 problem is still presentMalwarebytes' Anti-Malware 1.41Database version: 3243Windows 5.1.2600 Service Pack 311/27/2009 12:29:02 PMmbam-log-2009-11-27 (12-29-02).txtScan type: Quick ScanObjects scanned: 101367Time elapsed: 7 minute(s), 51 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
melboy Posted November 28, 2009 ID:163310 Share Posted November 28, 2009 Hi pdukeySysProt AntiRootkit Link to post Share on other sites More sharing options...
melboy Posted November 29, 2009 ID:163754 Share Posted November 29, 2009 HiPlease post the SysProt log as per my PM and then complete the instructions below. Thanks.You seemed to indicate getting re-directed to two sites in particular, which are they? TDSSKillerClick here to download TDSSKiller to your desktop.Extract TDSSKiller.rar to your desktop.NOTE: Close all running programs as a reboot may be necessaryDouble-click TDSSKiller_2.0.0 RC3.exe to run the tool.Once it is finished, click any key to continue and allow reboot as necessary.After the tool has run and any necessary reboot has occurred, copy the text in the codebox belowcmd /c mbr.exe -t >log.txt&start log.txtClick Start, click Run... and paste the text above into the Open: line and click OK.A log will open, please include the log in your next reply.RSIT (Random's System Information Tool) Ensure rsit.exe is on your desktopClick Start > RunCopy/paste the following into the run box & click OK"%userprofile%\desktop\rsit.exe" /infoClick Continue at the disclaimer screenOnce it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)Copy & paste the contents of both logs in your next replyIn your next reply:SysProt logMBR log (created from the run command)RSIT log.txtRSIT info.txt Link to post Share on other sites More sharing options...
pdukey Posted November 29, 2009 Author ID:163803 Share Posted November 29, 2009 I am being redirected from search engines randomly to different webites I have not seen any repeats or patterns.I will run above shortly.ThanksSysProt AntiRootkit v1.0.1.0by swatkat************************************************************************************************************************************************************************************No Hidden Processes found************************************************************************************************************************************************************************************Kernel Modules:Module Name: \SystemRoot\System32\Drivers\dump_atapi.sysService Name: ---Module Base: F5944000Module End: F595C000Hidden: YesModule Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYSService Name: ---Module Base: F8AE4000Module End: F8AE6000Hidden: Yes************************************************************************************************************************************************************************************No SSDT Hooks found************************************************************************************************************************************************************************************No Kernel Hooks found************************************************************************************************************************************************************************************No IRP Hooks found************************************************************************************************************************************************************************************Ports:Local Address: THEKUBBAMACHINE.MYHOME.WESTELL.COM:NETBIOS-SSNRemote Address: 0.0.0.0:0Type: TCPProcess: SystemState: LISTENINGLocal Address: THEKUBBAMACHINE:5152Remote Address: LOCALHOST:3393Type: TCPProcess: C:\Program Files\Java\jre6\bin\jqs.exeState: CLOSE_WAITLocal Address: THEKUBBAMACHINE:5152Remote Address: 0.0.0.0:0Type: TCPProcess: C:\Program Files\Java\jre6\bin\jqs.exeState: LISTENINGLocal Address: THEKUBBAMACHINE:1025Remote Address: 0.0.0.0:0Type: TCPProcess: C:\WINDOWS\system32\alg.exeState: LISTENINGLocal Address: THEKUBBAMACHINE:MICROSOFT-DSRemote Address: 0.0.0.0:0Type: TCPProcess: SystemState: LISTENINGLocal Address: THEKUBBAMACHINE:EPMAPRemote Address: 0.0.0.0:0Type: TCPProcess: C:\WINDOWS\system32\svchost.exeState: LISTENINGLocal Address: THEKUBBAMACHINE.MYHOME.WESTELL.COM:1900Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\svchost.exeState: NALocal Address: THEKUBBAMACHINE.MYHOME.WESTELL.COM:138Remote Address: NAType: UDPProcess: SystemState: NALocal Address: THEKUBBAMACHINE.MYHOME.WESTELL.COM:NETBIOS-NSRemote Address: NAType: UDPProcess: SystemState: NALocal Address: THEKUBBAMACHINE.MYHOME.WESTELL.COM:123Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\svchost.exeState: NALocal Address: THEKUBBAMACHINE:1900Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\svchost.exeState: NALocal Address: THEKUBBAMACHINE:123Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\svchost.exeState: NALocal Address: THEKUBBAMACHINE:4500Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\lsass.exeState: NALocal Address: THEKUBBAMACHINE:500Remote Address: NAType: UDPProcess: C:\WINDOWS\system32\lsass.exeState: NALocal Address: THEKUBBAMACHINE:MICROSOFT-DSRemote Address: NAType: UDPProcess: SystemState: NA************************************************************************************************************************************************************************************No hidden files/folders found Link to post Share on other sites More sharing options...
pdukey Posted November 29, 2009 Author ID:163810 Share Posted November 29, 2009 Logfile of random's system information tool 1.06 (written by random/random)Run by Thomas Family at 2009-11-29 13:06:18Microsoft Windows XP Home Edition Service Pack 3System drive C: has 5 GB (14%) free of 38 GBTotal RAM: 511 MB (35% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:06:23 PM, on 11/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Photodex\ProShowGold\ScsiAccess.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\Thomas Family\desktop\rsit.exeC:\Program Files\Trend Micro\HijackThis\Thomas Family.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXEO4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exeO4 - HKLM\..\Run: [ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exeO4 - HKLM\..\Run: [ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALLO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.htmlO8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.htmlO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169328104353O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cabO16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cabO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe--End of file - 7398 bytes======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-25 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-25 73728][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]"nwiz"=nwiz.exe /install []"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]"Ulead AutoDetector"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [2005-07-28 94208]"Ulead Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [2005-08-22 69632]"Ulead Quick-Drop"=C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe [2006-07-20 118784]"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-26 2029336]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-25 149280]"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]C:\Documents and Settings\All Users\Start Menu\Programs\StartupHP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeMicrosoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]C:\WINDOWS\system32\avgrsstx.dll [2009-08-22 11952][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=323"NoDriveAutoRun"=67108863"NoDrives"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"="NoDriveAutoRun"="NoDriveTypeAutoRun"="NoDrives"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe""C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Photodex\ProShowGold\proshow.exe"="C:\Program Files\Photodex\ProShowGold\proshow.exe:*:Disabled:proshow.exe"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-11-27 10:54:03 ----A---- C:\ComboFix.txt2009-11-25 09:44:52 ----A---- C:\WINDOWS\system32\javaws.exe2009-11-25 09:44:52 ----A---- C:\WINDOWS\system32\deploytk.dll2009-11-25 09:44:51 ----A---- C:\WINDOWS\system32\javaw.exe2009-11-25 09:44:51 ----A---- C:\WINDOWS\system32\java.exe2009-11-25 08:57:23 ----D---- C:\WINDOWS\ie8updates2009-11-25 08:54:36 ----D---- C:\WINDOWS\WBEM2009-11-25 08:52:40 ----HDC---- C:\WINDOWS\ie82009-11-25 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$2009-11-25 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$2009-11-23 19:30:02 ----D---- C:\WINDOWS\temp2009-11-22 18:19:39 ----N---- C:\WINDOWS\system32\eventlog.dll2009-11-21 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$2009-11-21 03:04:20 ----A---- C:\WINDOWS\system32\MRT.exe2009-11-21 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$2009-11-20 20:04:25 ----A---- C:\WINDOWS\system32\proquota.exe2009-11-20 19:37:35 ----A---- C:\Boot.bak2009-11-20 19:37:23 ----RASHD---- C:\cmdcons2009-11-20 19:18:45 ----A---- C:\WINDOWS\zip.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\SWXCACLS.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\SWSC.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\SWREG.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\sed.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\PEV.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\NIRCMD.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\MBR.exe2009-11-20 19:18:45 ----A---- C:\WINDOWS\grep.exe2009-11-20 18:31:44 ----D---- C:\WINDOWS\ERDNT2009-11-20 18:31:01 ----D---- C:\Qoobox2009-11-17 08:40:35 ----D---- C:\rsit2009-10-30 15:08:13 ----D---- C:\Program Files\Trend Micro2009-10-30 13:58:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware======List of files/folders modified in the last 1 months======2009-11-29 13:05:18 ----D---- C:\WINDOWS\Prefetch2009-11-29 13:03:30 ----D---- C:\WINDOWS\system32\drivers2009-11-29 07:59:35 ----D---- C:\My Downloads2009-11-29 03:31:32 ----D---- C:\$AVG8.VAULT$2009-11-27 19:24:49 ----D---- C:\WINDOWS\system322009-11-27 19:24:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2009-11-27 19:24:01 ----A---- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000002-80221102}.BAK2009-11-27 10:40:55 ----D---- C:\WINDOWS2009-11-27 10:40:55 ----A---- C:\WINDOWS\system.ini2009-11-27 10:28:20 ----D---- C:\WINDOWS\AppPatch2009-11-27 10:28:15 ----D---- C:\Program Files\Common Files2009-11-27 10:13:57 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-11-27 10:10:55 ----D---- C:\WINDOWS\system32\CatRoot22009-11-27 10:08:50 ----A---- C:\WINDOWS\SchedLgU.Txt2009-11-26 03:04:21 ----HD---- C:\WINDOWS\inf2009-11-26 03:04:02 ----HD---- C:\WINDOWS\$hf_mig$2009-11-26 03:03:52 ----A---- C:\WINDOWS\imsins.BAK2009-11-25 20:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe2009-11-25 10:11:09 ----D---- C:\Config.Msi2009-11-25 09:45:02 ----SHD---- C:\WINDOWS\Installer2009-11-25 09:44:17 ----D---- C:\Program Files\Java2009-11-25 09:39:46 ----D---- C:\Program Files\Common Files\Adobe2009-11-25 09:38:53 ----D---- C:\Program Files\Adobe2009-11-25 09:27:17 ----D---- C:\WINDOWS\WinSxS2009-11-25 08:59:59 ----D---- C:\WINDOWS\Help2009-11-25 08:59:59 ----D---- C:\Program Files\Internet Explorer2009-11-25 08:54:36 ----D---- C:\WINDOWS\system32\en-US2009-11-25 08:54:25 ----D---- C:\WINDOWS\Media2009-11-24 03:02:29 ----D---- C:\WINDOWS\system32\CatRoot2009-11-23 18:57:56 ----D---- C:\WINDOWS\system32\config2009-11-22 18:38:36 ----RD---- C:\Program Files2009-11-20 21:11:30 ----A---- C:\WINDOWS\NeroDigital.ini2009-11-20 19:37:36 ----RASH---- C:\boot.ini2009-11-12 18:33:47 ----SD---- C:\WINDOWS\Downloaded Program Files2009-11-04 07:37:04 ----D---- C:\WINDOWS\system32\wbem======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-22 335240]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-22 27784]R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-07 47360]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]S3 ADSEXPB;ADS DVD Express B; C:\WINDOWS\System32\Drivers\adsexpb.SYS [2005-04-06 34240]S3 catchme;catchme; \??\C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys []S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]S3 mbr;mbr; \??\C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\mbr.sys []S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-25 153376]R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2009-09-25 181312]R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------info.txt logfile of random's system information tool 1.06 2009-11-29 13:06:30======Uninstall list======-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S -->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87616DD3-61A7-46FB-8AE3-927D5BC4D268}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BEC3D0E-B569-4998-BFB0-17D00E266854}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAdobe Digital Editions-->"C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logADS Tech Master Installer V3.6-->C:\PROGRA~1\ADSTech\UNWISE.EXE C:\PROGRA~1\ADSTech\INSTALL.LOGAGEIA PhysX v2.4.4-->"C:\Program Files\AGEIA Technologies\uninstall.exe"Amazon MP3 Downloader 1.0.5-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exeAudacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALLAviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"Click'N Design 3D (V5)-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOGCompatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODECDivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADERDivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTERDivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYERDivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGINDVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2-->"C:\Program Files\DVDFab 5\unins000.exe"EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALLffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"Garmin City Navigator Mexico NT 2010 Update-->MsiExec.exe /X{30AD6AC7-EB40-4C70-9C2B-8D0CA1D92655}Garmin Communicator Plugin-->MsiExec.exe /X{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}Garmin MapSource-->MsiExec.exe /X{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}GeoPDF Toolbar-->MsiExec.exe /X{A58686F6-2ADD-4BCC-996D-311F0A39BF65}Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"HP Imaging Device Functions 7.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dathp instant support-->C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeSHP Photo and Imaging 2.1 - Scanjet 2400 Series-->MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}HP Photosmart and Deskjet 7.0.A-->C:\Program Files\Hewlett-Packard\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.datHP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}HP Solution Center 7.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.datHP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exeMicrosoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}MP3 Player Utilities 4.00-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALLNeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALLOCR Software by I.R.I.S 7.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.datPanda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exePhotodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exeProShow Gold-->C:\Program Files\Photodex\ProShowGold\uninst.exeQuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.infSecurity Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9 SUPER Link to post Share on other sites More sharing options...
pdukey Posted November 29, 2009 Author ID:163812 Share Posted November 29, 2009 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.netdevice: opened successfullyuser: MBR read successfullycalled modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS kernel: MBR read successfullyuser & kernel MBR OK Link to post Share on other sites More sharing options...
pdukey Posted November 29, 2009 Author ID:163836 Share Posted November 29, 2009 I am no longer being redirected, even after rebooting. I checked my AVG logs and found:Sat, Morning AVG scan with update found:"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir";"Trojan horse Rootkit-Pakes.U";"Moved to Virus Vault" Link to post Share on other sites More sharing options...
melboy Posted November 29, 2009 ID:163887 Share Posted November 29, 2009 Hi pdukeyGreat news! That particular file that AVG found was already quarantined by combofix.We replaced it earlier with a back up copy (post #25) after I had you upload it to Virustotal, so the detection by AVG reinforces the decision to replace it.ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
pdukey Posted December 1, 2009 Author ID:164563 Share Posted December 1, 2009 i.e. is working well no more redirects. I will not be able to be on this pc again until late Weds.thanksESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=f59c6551dac66b489788b033d104e13f# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2009-12-01 03:11:43# local_time=2009-11-30 10:11:43 (-0500, Eastern Standard Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=512 16777215 100 0 2611091 2611091 0 0# compatibility_mode=1024 16777191 100 0 9821281 9821281 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=113179# found=1# cleaned=0# scan_time=6322C:\System Volume Information\_restore{498103B2-0F54-4F78-9C2B-CF360A3DF4B5}\RP1011\A0058896.dll a variant of Win32/Kryptik.BAC trojan 00000000000000000000000000000000 I Link to post Share on other sites More sharing options...
melboy Posted December 2, 2009 ID:165072 Share Posted December 2, 2009 Hi pdukeyWe're nearly done, you've done well!ROOTKITOne or more of the identified infections you had was related to a rootkit component.Rootkits are very dangerous because they use advanced techniques as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker.Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install.Remote attackers use rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.To help you understand more, please take some time to read the following articles:Rootkits: What They Are and How to Cope with Them What are rootkits from WikipediaShould you have any questions please feel free to ask.Malwarebytes' Anti-MalwareAs you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:Open Malwarebytes' Anti-MalwareSelect the Update tabClick Check for UpdatesAfter the update have been completed, Select the Scanner tab. Select Perform quick scan, then click on ScanLeave the default options as it is and click on Start ScanWhen done, you will be prompted. Click OK, then click on Show ResultsCheck all items then click on Remove SelectedAfter it has removed the items, Notepad will open. Please post this log in your next reply.The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtOr via the Logs tab when the application is started.Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Link to post Share on other sites More sharing options...
pdukey Posted December 2, 2009 Author ID:165129 Share Posted December 2, 2009 Thank you Melboy for all of the help!should I cahnge my passwords? if so use this pc or another one?thanks againMalwarebytes' Anti-Malware 1.41Database version: 3277Windows 5.1.2600 Service Pack 312/2/2009 10:37:48 AMmbam-log-2009-12-02 (10-37-48).txtScan type: Quick ScanObjects scanned: 112788Time elapsed: 16 minute(s), 58 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
melboy Posted December 4, 2009 ID:166315 Share Posted December 4, 2009 Hi pdukeyWhilst this PC is as clean as we can tell from the logs, we have no real way of knowing what was done whilst your PC was compromised.It would be prudent to change your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password), If you have used your PC for financial transactions, call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.How do I respond to a possible identity theft and how do I prevent it=========================================Uninstall CombofixWe Need to Remove ComboFixPlease go to Start -> RunEnter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.Press OK (Or hit enter).Allow ComboFix to remove itself.OTC by OldTimerDownload OTC by Old Timer and save it to your Desktop.Double-click OTC.exeClick the CleanUp! buttonSelect Yes when the Begin cleanup Process? Prompt appearsIf you are prompted to Reboot during the cleanup, select YesThe tool will delete itself once it finishes, if not delete it by yourselfYou can also delete the SysProt folder and SysProt.zip and also TDSSKiller.rar and the TDSSKiller folder.Your log now appears to be clean. Congratulations!This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.-----------------------------------------------------------------------------------General Security and Computer HealthBelow are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.Make sure that you keep your antivirus updatedNew viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.Uninstall Tools for Major Antivirus ProductsSecurity Updates for Windows, Internet Explorer & Microsoft OfficeWhenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.Update Non-Microsoft ProgramsMicrosoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.Make Internet Explorer More SecureInternet Explorer 8 <<< Recommended VersionFor older versions please read and follow the recommendations at this siteInternet Explorer7 Internet Explorer6Recommended ProgramsI would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.WinPatrolAs a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.Malwarebytes' Anti-MalwareAs you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.Hosts FileFor added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.Use an alternative Internet BrowserMany of the exploits are directed to users of Internet Explorer. Try using a different browser instead:FirefoxOperaInstall and use a firewall with outbound protectionThe Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.Suggestions:Online Armor Free PcTools Firewall (Free)Outpost Firewall Free[Please note that trial pay is not needed to get any product for free.] Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.Also please read this great article by Tony Klein So How Did I Get Infected In First PlaceI'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.Happy surfing and stay clean! Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 8, 2009 ID:168240 Share Posted December 8, 2009 The procedures & tools used here were only for this system, and not to be used on any other.This case is resolved and now closed. Link to post Share on other sites More sharing options...
Recommended Posts