
Antivirus Pro 2009 Logs


Zoo72


I was "lucky" enough to get Antivirus Pro 2009 on election day and I've been fighting it ever since. I've run Spybot, Norton and Windows Defender, which got rid of some of it. A friend suggested I uninstall Norton and get AVG, which got rid of more of it. Finally someone suggested I uninstall AVG and download Malwarebytes Anti-Malware, so here I am. If this doesn't work I'll probably reformat, which I really don't want to do, but I'm at my wits' end. I "think" it's finally gone but I want to be sure, as it seems that every program found something new and exciting that the other didn't. Here's hoping it's finally gone and you guys have the best product ever.

Here are the logs you requested:

Malwarebytes Anti-Malware Log

Malwarebytes' Anti-Malware 1.30

Database version: 1452

Windows 5.1.2600 Service Pack 3

12/3/2008 1:40:29 AM

mbam-log-2008-12-03 (01-40-29).txt

Scan type: Quick Scan

Objects scanned: 54937

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda Active Scan Logs

;*******************************************************************************

ANALYSIS: 2008-12-03 02:24:46

PROTECTIONS: 1

MALWARE: 2

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description        Version      Active   Updated

;===============================================================================

Windows Defender   1.1.4104.0   No       No

;===============================================================================

MALWARE

Id         Description        Type             Active   Severity   Disinfectable   Disinfected   Location

;===============================================================================

00039204   adware/cws         Adware           No       0          Yes             No            c:\documents and settings\monica\favorites\health

00170495   Cookie/PointRoll   TrackingCookie   No       0          Yes             No            C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt

;===============================================================================

SUSPECTS

Sent   Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id   Severity   Description

;===============================================================================

;===============================================================================

HiJack This! Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:38:07 AM, on 12/3/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 8652 bytes

Thanks so much for all your help!

~Zoo


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully

  2. If you don't understand something, stop and ask! Don't keep going on.

  3. Please do not run any other tools or scans whilst I am helping you

  4. Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.

Unfortunately there are far more people needing help than there are helpers.

If you still require help, please do the following:

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.

  • Click Continue at the disclaimer screen.

  • Once it has finished, two logs will open:

    • log.txt will be opened maximized.

    • info.txt will be opened minimized.

  • Please post the contents of both log.txt and info.txt.


Katana,

Thanks so much for your help! I see that the forum has been very active; I don't mind waiting.

~Zoo

Here are the logs you requested:


Logfile of random's system information tool 1.04 (written by random/random)

Run by Monica at 2008-12-08 16:08:49

Microsoft Windows XP Professional Service Pack 3

System drive C: has 415 GB (87%) free of 477 GB

Total RAM: 3071 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:08:54 PM, on 12/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WordWeb\wweb32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\Documents and Settings\Monica\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Monica.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 8591 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-08 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-08 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2006-04-05 122880]

"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-02-23 81920]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-23 7774208]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [2002-06-04 188416]

"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-05-23 18944]

"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-05-23 17920]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-09-12 531272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Monica\Start Menu\Programs\Startup

WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-08 16:08:49 ----D---- C:\rsit

2008-12-03 02:31:39 ----D---- C:\Program Files\Trend Micro

2008-12-03 01:49:53 ----D---- C:\Program Files\Panda Security

2008-12-03 01:35:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-03 01:06:59 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8

2008-12-01 15:22:34 ----D---- C:\Documents and Settings\Monica\Application Data\Malwarebytes

2008-12-01 15:22:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-11 22:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-11 22:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-11 22:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-08 16:08:19 ----D---- C:\WINDOWS\Prefetch

2008-12-08 16:05:41 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-08 16:05:39 ----SD---- C:\WINDOWS\Tasks

2008-12-08 16:04:49 ----D---- C:\WINDOWS\Temp

2008-12-08 07:01:29 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-07 01:23:21 ----HD---- C:\WINDOWS\inf

2008-12-07 01:23:21 ----D---- C:\WINDOWS\system32\drivers

2008-12-07 01:23:20 ----D---- C:\WINDOWS\system32

2008-12-03 12:38:09 ----D---- C:\WINDOWS

2008-12-03 02:31:39 ----D---- C:\Program Files

2008-12-03 01:49:42 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-03 01:24:21 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-12-03 01:23:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-03 01:03:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-12-03 01:03:33 ----D---- C:\Program Files\Lavasoft

2008-12-03 01:03:31 ----SHD---- C:\WINDOWS\Installer

2008-12-02 23:08:14 ----SHD---- C:\System Volume Information

2008-12-02 23:08:14 ----D---- C:\WINDOWS\system32\Restore

2008-11-19 13:12:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-11-15 22:24:56 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-13 22:07:58 ----D---- C:\WINDOWS\Help

2008-11-11 22:41:32 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-11 22:41:31 ----A---- C:\WINDOWS\imsins.BAK

2008-11-11 22:41:22 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-05-23 502272]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-05-23 499584]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-05-23 7168]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-05-23 143872]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-05-23 78336]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 1110016]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-23 5749472]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-05-23 116224]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]

S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-23 168004]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-20 167936]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-22 1245064]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-08 16:08:55

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}

Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise

Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Boilosft AVI to VCD SVCD DVD Converter 3.61-->"C:\Program Files\Boilsoft AVI Converter\unins000.exe"

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"

Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe

Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}

Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove

DAZ Studio-->C:\Program Files\DAZ\Studio\Remove-Studio.exe

Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat

EverQuest II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EE39B32-BA05-433C-BC0D-35797518A3A5}\ISInst.exe" -l0x9

EverQuest II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}\Setup.exe" -l0x9 -removeonly

EZ Tape Converter by MixMeister 1.0.5-->"C:\Program Files\MixMeister EZ Tape Converter\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

hp deskjet 6122-->MsiExec.exe /X{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}

hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Basic 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL

Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint 2007-->MsiExec.exe /X{91120000-0037-0000-0000-0000000FF1CE}

Microsoft Office PowerPoint Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINTHOMESTUDENTR /dll OSETUP.DLL

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Essentials-->MsiExec.exe /I{18039280-98B7-4C5E-AAC0-10EBC9731033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Sketchpad-->C:\PROGRA~1\SKETCH~1\UNWISE.EXE C:\PROGRA~1\SKETCH~1\INSTALL.LOG

Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SQLXML 3.0 SP3-->MsiExec.exe /I{19ABFD8F-CB86-4965-9282-047FC27084F1}

Total Video Player 1.03-->"C:\Program Files\Total Video Player\unins000.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf

Windows Driver Package - AMD System (04/06/2006 1.0.1.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\amdaway_6BBB63755B7B133065E435E51557E416289081C4\amdaway.inf

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WordWeb-->C:\Program Files\WordWeb\uninst.exe

World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL

Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======


======Security center information======

FW: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD

"PROCESSOR_REVISION"=4303

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"lib"=C:\Program Files\SQLXML 3.0\bin\

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


Information

A friend suggested I uninstall Norton and get AVG which got rid of more of it. Finally someone suggested I uninstall AVG and download Malwarebytes Anti-Malware

MalwareBytes is an AntiSpyware Application; it isn't a replacement for your Antivirus.

(OK, I admit that MBAM is a bit more than just Antispyware, but you still need AV :angry: )

Apart from that, your logs look good :angry:

-----------------------------------------------------------------------------------------------------------------------

Step 1

No Antivirus

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.

This alone can save you a lot of trouble with malware in the future.

Free AV list ( Home users only)

Avira AntiVir

Avast

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.

If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST

-----------------------------------------------------------------------------------------------------------------------

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE).

(it comes with a toolbar pre-selected, so make sure you uncheck the box)

-----------------------------------------------------------------------------------------------------------------------

Step 3

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.

If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Adobe Acrobat 5.0

Adobe Reader 7.0.5

-----------------------------------------------------------------------------------------------------------------------

Step 4

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • Are there any problems left?

I am having a couple of new problems and I'm not sure what to make of them. Earlier, MS Word files were only opening in safe mode, though the problem cleared up after reboot. Also, I selected the text in your previous message and when I tried to 'print selected' my computer forced a reboot. This is the message I received after reboot:

System Error Message

The system has recovered from a serious error.

Error Signature:

BCCode: 4e BCP1: 00000099 BCP2: 000C2FA8 BCP3: 00000000 BCP4: 00000000 OSVer: 5_1_2600 SP: 3_0 Product: 256_1

The following files will be included in this error report:

C:\DOCUME~1\Monica\LOCALS~1\Temp\WER9ac5.dir00\Mini120808-01.dmp

C:\DOCUME~1\Monica\LOCALS~1\Temp\WER9ac5.dir00\sysdata.xml

After the reboot, everything seems to be working fine again. I wasn't sure if this was a result of the initial virus, an issue with Windows, MS Word, the printer or something else altogether.

I also downloaded, installed and updated Avira AntiVir Personal. I ran a scan which included 2 warnings.

Here is the log:

AV Scan Log

Avira AntiVir Personal

Report file date: Monday, December 08, 2008 22:02

Scanning for 1078022 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: MONICA1

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 15:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 03:58:43

ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 12/7/2008 03:58:44

ANTIVIR3.VDF : 7.1.0.205 28672 Bytes 12/8/2008 03:58:45

Engineversion : 8.2.0.43

AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 17:05:56

AESCRIPT.DLL : 8.1.1.18 336251 Bytes 12/9/2008 03:58:57

AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 22:06:41

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 20:58:38

AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 16:41:39

AEOFFICE.DLL : 8.1.0.32 196987 Bytes 12/9/2008 03:58:56

AEHEUR.DLL : 8.1.0.74 1519990 Bytes 12/9/2008 03:58:55

AEHELP.DLL : 8.1.2.0 119159 Bytes 12/9/2008 03:58:50

AEGEN.DLL : 8.1.1.6 323955 Bytes 12/9/2008 03:58:49

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56

AECORE.DLL : 8.1.5.2 172405 Bytes 12/9/2008 03:58:47

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 19:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Monday, December 08, 2008 22:02

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RichVideo.exe' - '1' Module(s) have been scanned

Scan process 'wweb32.exe' - '1' Module(s) have been scanned

Scan process 'PSIService.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned

Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned

Scan process 'CTXFIHLP.EXE' - '1' Module(s) have been scanned

Scan process 'hpztsb06.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'VolPanel.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

46 processes with 46 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '60' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

End of the scan: Monday, December 08, 2008 22:29

Used time: 26:38 Minute(s)

The scan has been done completely.

7356 Scanning directories

234832 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

234830 Files not concerned

2226 Archives were scanned

2 Warnings

0 Notes

I wasn't sure if this was something to worry about.

Thanks again for your help. It's very much appreciated!

~Zoo


I am having a couple of new problems and I'm not sure what to make of them.

After the reboot, everything seems to be working fine again. I wasn't sure if this was a result of the initial virus, an issue with Windows, MS Word, the printer or something else altogether.

Sounds like it was just a glitch, maybe the cache was full.

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Nothing to worry about there, they are both system files that would be locked in use

Congratulations, your logs look clean

Let's see if I can help you keep it that way

First let's tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)

You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.

    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.

    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.

    Most of the programs in this list have a free (for Home Users ) and paid versions,

    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.

  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection

    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites

  • MalwareBytes Anti-malware <<< A New and effective program

  • a-squared Free <<< A good "realtime" or "on demand" scanner

  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.

    Each does a different job, so you can have more than one

  • Winpatrol
    • An excellent startup manager and then some !!

    • Notifies you if programs are added to startup

    • Allows delayed startup

    • A must have addition

  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.

  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.

    • Not required if you have other "realtime" antispyware or Winpatrol

  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.

  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    • For information on how to download and install, please read this tutorial by WinHelp2002.

    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.

    Using a different web browser can help stop malware getting on your machine.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.

      2. Click once on the Security tab

      3. Click once on the Internet icon so it becomes highlighted.

      4. Click once on the Custom Level button.

        • Change the Download signed ActiveX controls to Prompt

        • Change the Download unsigned ActiveX controls to Disable

        • Change the Initialise and script ActiveX controls not marked as safe to Disable

        • Change the Installation of desktop items to Prompt

        • Change the Launching programs and files in an IFRAME to Prompt

        • Change the Navigate sub-frames across different domains to Prompt

        • When all these settings have been made, click on the OK button.

        • If it prompts you as to whether or not you want to save the settings, press the Yes button.

      5. Next press the Apply button and then the OK to exit the Internet Properties page.
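As an added example (not code from the post or from any tool it names), the PowerShell audit below reads the Internet zone settings the steps above change and reports which still differ from the recommended values. The value names (1001, 1004, 1201, 1607, 1800, 1804) and action codes (0 = Enable, 1 = Prompt, 3 = Disable) are Internet Explorer's own, documented in Microsoft KB 182569; the script only reads the registry, so it can be run before and after the steps to confirm the change was saved.

```powershell
# Added example, not from the post: read-only audit of the Internet zone (zone 3)
# custom-level settings that the steps above tell the reader to change.
# Value names and action codes are Internet Explorer's own (Microsoft KB 182569):
#   0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended actions exactly as the post lists them.
$Recommended = @(
    @{ Name = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Name = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Name = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Name = '1800'; Setting = 'Installation of desktop items';                             Want = 1 }
    @{ Name = '1804'; Setting = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Name = '1607'; Setting = 'Navigate sub-frames across different domains';              Want = 1 }
)

$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneFinding {
    param([string]$Path = $ZoneKey)

    if (-not (Test-Path $Path)) {
        throw "Internet zone key not found: $Path"
    }
    $zone = Get-ItemProperty -Path $Path

    foreach ($item in $Recommended) {
        $prop = $zone.PSObject.Properties[$item.Name]
        # An absent value means the zone template default still applies,
        # i.e. the custom-level change was never saved.
        if ($null -eq $prop) {
            $currentCode = $null
            $currentText = '(default, not set)'
        } else {
            $currentCode = [int]$prop.Value
            $currentText = if ($ActionName.ContainsKey($currentCode)) { $ActionName[$currentCode] } else { "code $currentCode" }
        }

        [pscustomobject]@{
            Setting     = $item.Setting
            Value       = $item.Name
            Current     = $currentText
            Recommended = $ActionName[$item.Want]
            Compliant   = ($null -ne $currentCode) -and ($currentCode -eq $item.Want)
        }
    }
}

# Print the audit; any row with Compliant = False still needs the change from the steps above.
Get-InternetZoneFinding | Format-Table -AutoSize
```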

If you are still using IE6 then either update, or get one of the following.

  • FireFox
    • With many addons available that make customization easy this is a very popular choice

    • NoScript and AdBlockPlus addons are essential

  • Opera
    • Another popular alternative

  • Netscape
    • Another popular alternative

    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.

    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.

    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.

    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program

  • ATF Cleaner
    • Free and very simple to use

  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'


Gah... I just got finished installing, updating and running all the AntiSpyware you recommended and they found a Trojan downloader and Rogue XP AntiSpyware 2009.

Here are the logs:

A-Squared Free Scan

a-squared Free - Version 3.5

Last update: 12/9/2008 11:12:53 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\

Scan archives: On

Heuristics: On

ADS Scan: On

Scan start: 12/9/2008 11:21:22 AM

c:\program files\amazon detected: Trace.Directory.Berm.Amazon Toolbar!A2

C:\System Volume Information\_restore{46EA32C8-97C9-49BE-AF1E-2627291A1E63}\RP515\A0063894.exe detected: Trojan-Downloader.Win32.AutoIt.ib!A2

Scanned

Files: 136451

Traces: 580987

Cookies: 6

Processes: 48

Found

Files: 1

Traces: 1

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 12/9/2008 12:01:02 PM

Scan time: 0:39:40

SUPER AntiSpyware Scan

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/09/2008 at 01:57 PM

Application Version : 4.23.1006

Core Rules Database Version : 3668

Trace Rules Database Version: 1647

Scan type : Complete Scan

Total Scan Time : 00:15:10

Memory items scanned : 414

Memory threats detected : 0

Registry items scanned : 5677

Registry threats detected : 1

File items scanned : 18834

File threats detected : 16

Rogue.XP AntiSpyware 2009

HKU\S-1-5-21-2665394216-2656429781-3952574465-1005\Control Panel\don't load#wscui.cpl [ No ]

Adware.Tracking Cookie

C:\Documents and Settings\Owner\Cookies\owner@media6degrees[2].txt

C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt

C:\Documents and Settings\Owner\Cookies\owner@interclick[2].txt

C:\Documents and Settings\Owner\Cookies\owner@collective-media[2].txt

C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt

.cgm.adbureau.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.sonyonlineentertainment.112.2o7.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.cgm.adbureau.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.adopt.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

.specificclick.net [ C:\Program Files\Sony\EverQuest II\mozilla\cookies.txt ]

Spybot Info (Log was too long to post)

Win32.TDSS.rtk: [SBI $56C07B63] Settings (Registry value, fixed)

HKEY_USERS\S-1-5-21-2665394216-2656429781-3952574465-1005\Control Panel\don


Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper


Hi Katana,

I am having issues installing the windows recovery console. I tried to install from my Windows CD and received this message:

Setup cannot continue because the version of Windows on your computer is newer than the version on the CD. To erase the newer version, restart the computer, boot from this CD, and follow the instructions for a new installation.

I wasn't sure that I should do that so I exited out and got a message that asked if I wanted to install the recovery console. I did but when I try to sign in using the recovery console I get this message:

File viamraid.sys could not be found. Restart failed.

I also tried the boot disc download directly from Microsoft and dragging it over to Combofix but it sends me directly to ComboFix without rebooting to the recovery console or the option using the recovery console. I exited before it could start running the ComboFix scan. I'm horribly confused. Should I just let the Windows CD overwrite the newer version of Windows and install that way?

Thanks so much.

~Zoo


Thanks for the info! I was about to pull my hair out

Here is the log you requested:

ComboFix Log

ComboFix 08-12-07.04 - Monica 2008-12-09 22:42:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2582 [GMT -6:00]

Running from: c:\documents and settings\Monica\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Monica\Local Settings\Temporary Internet Files\rofojiny._dl

c:\documents and settings\Monica\Local Settings\Temporary Internet Files\vaxupobitu.reg

c:\documents and settings\Monica\Local Settings\Temporary Internet Files\vibaxaxy.scr

c:\documents and settings\Monica\Local Settings\Temporary Internet Files\yriju.dll

.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))

.

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\Monica\Application Data\SUPERAntiSpyware.com

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-09 11:08 . 2008-12-09 12:48 <DIR> d-------- c:\program files\a-squared Free

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\program files\Foxit Software

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\documents and settings\Monica\Application Data\Foxit

2008-12-08 22:55 . 2008-12-08 22:55 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-08 22:46 . 2008-12-08 22:53 <DIR> d-------- c:\documents and settings\Monica\.SunDownloadManager

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\program files\Avira

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-12-03 02:31 . 2008-12-03 02:31 <DIR> d-------- c:\program files\Trend Micro

2008-12-03 01:49 . 2008-12-03 01:49 <DIR> d-------- c:\program files\Panda Security

2008-12-03 01:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-03 01:35 . 2008-12-09 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-03 01:35 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 01:35 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-03 01:06 . 2008-12-03 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\Monica\Application Data\Malwarebytes

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

2008-11-11 22:22 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 22:22 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 04:29 --------- d-----w c:\program files\Xvid

2008-12-10 04:29 --------- d-----w c:\program files\CA Yahoo! Anti-Spy

2008-12-10 04:29 --------- d-----w c:\program files\AlienGUIse

2008-12-09 17:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-09 16:57 --------- d-----w c:\program files\Java

2008-12-09 04:56 --------- d-----w c:\program files\Common Files\Adobe

2008-12-03 07:24 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-03 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-03 07:03 --------- d-----w c:\program files\Lavasoft

2008-11-19 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-06 05:27 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-06 05:26 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)

2008-11-04 17:57 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-04 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-11-04 14:09 46,640 ----a-w c:\windows\system32\msln.exe

2008-11-04 13:21 19,571 ----a-w c:\windows\ovoka.dll

2008-11-04 13:21 18,110 ----a-w c:\windows\odan.exe

2008-11-04 13:21 17,617 ----a-w c:\windows\system32\sypykyraba.bin

2008-11-04 13:21 15,481 ----a-w c:\windows\tafa.scr

2008-11-04 13:21 15,407 ----a-w c:\windows\system32\xuwysor.pif

2008-11-04 13:21 14,435 ----a-w c:\documents and settings\Monica\Application Data\olynobupac.sys

2008-11-04 13:21 13,781 ----a-w c:\documents and settings\All Users\Application Data\hovudy.vbs

2008-11-04 13:21 13,030 ----a-w c:\windows\ludimiwe.exe

2008-11-04 13:21 11,875 ----a-w c:\windows\idopor.vbs

2008-11-04 13:21 10,997 ----a-w c:\program files\Common Files\coverequru.bin

2008-11-04 13:21 10,352 ----a-w c:\windows\ohol.sys

2008-11-04 13:15 --------- d-----w c:\program files\Common Files\Scanner

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 08:22 --------- d-----w c:\documents and settings\Monica\Application Data\Apple Computer

2008-10-16 08:08 --------- d-----w c:\program files\iTunes

2008-10-16 08:08 --------- d-----w c:\program files\iPod

2008-10-16 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-16 08:07 --------- d-----w c:\program files\QuickTime

2008-10-16 08:07 --------- d-----w c:\program files\Common Files\Apple

2008-10-16 08:07 --------- d-----w c:\program files\Bonjour

2008-10-16 08:04 --------- d-----w c:\program files\Apple Software Update

2008-10-16 06:27 --------- d-----w c:\documents and settings\Monica\Application Data\Yahoo!

2008-10-16 01:53 262,144 ----a-w C:\ntuser.dat

2008-10-11 04:36 --------- d-----w c:\program files\Common Files\DAZ

2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-07-08 23:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070820080709\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 122880]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-06-04 188416]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]

"nwiz"="nwiz.exe" [2007-02-23 c:\windows\system32\nwiz.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-23 c:\windows\system32\CTXFIHLP.EXE]

"CTHelper"="CTHELPER.EXE" [2006-05-23 c:\windows\CTHELPER.EXE]

c:\documents and settings\Monica\Start Menu\Programs\Startup\

WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-07-22 44384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 21:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 22:44:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\AlienGUIse\fastload.dll

.

Completion time: 2008-12-09 22:45:03

ComboFix-quarantined-files.txt 2008-12-10 04:44:51

Pre-Run: 434,600,919,040 bytes free

Post-Run: 434,685,943,808 bytes free

178 --- E O F --- 2008-12-08 22:04:49

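As an added example (not from the thread, and not part of ComboFix or SUPERAntiSpyware), the PowerShell check below re-reads the three settings the logs above show in a weakened state: the Control Panel "don't load" entry for wscui.cpl that SUPERAntiSpyware attributed to the rogue, the Security Center DisableMonitoring values, and the Windows Firewall standard profile with EnableFirewall = 0 and DisableNotifications = 1. It only reads the registry, so it can be run after cleanup to confirm nothing was left behind.

```powershell
# Added example, not from the thread or from ComboFix: read-only re-check of the
# protection-tampering indicators visible in the logs above. A rogue "antivirus"
# commonly hides the Security Center applet and silences firewall notifications
# so the victim sees no warning; cleanup tools remove the rogue's files, but the
# registry settings it changed can remain. Nothing here writes to the registry.

function Get-RegValue {
    # Returns the value, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param([string]$Check, [string]$Location, $Value, [bool]$Concern)
    [pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value; Concern = $Concern }
}

function Get-ProtectionTamperFinding {
    # 1. Control Panel applets hidden from the current user. The SUPERAntiSpyware
    #    log shows wscui.cpl (Security Center) under this key.
    $dontLoad = 'HKCU:\Control Panel\don''t load'
    if (Test-Path $dontLoad) {
        $key = Get-Item $dontLoad
        foreach ($applet in $key.GetValueNames()) {
            New-Finding -Check 'Hidden Control Panel applet' -Location "$dontLoad\$applet" `
                        -Value $key.GetValue($applet) -Concern ($applet -ieq 'wscui.cpl')
        }
    }

    # 2. Security Center monitoring switched off. A third-party suite sets these
    #    legitimately while it is installed (the log shows Symantec subkeys left
    #    from the uninstalled Norton); with no suite present they should not be 1.
    $scRoot = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    $scKeys = @($scRoot)
    if (Test-Path $scRoot) {
        $scKeys += Get-ChildItem $scRoot | ForEach-Object { "$scRoot\$($_.PSChildName)" }
    }
    foreach ($path in $scKeys) {
        $v = Get-RegValue -Path $path -Name 'DisableMonitoring'
        if ($null -ne $v) {
            New-Finding -Check 'Security Center DisableMonitoring' -Location $path -Value $v -Concern ($v -eq 1)
        }
    }

    # 3. Windows Firewall standard profile: the log shows EnableFirewall = 0 and
    #    DisableNotifications = 1, i.e. firewall off and the user not told.
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $enable = Get-RegValue -Path $fw -Name 'EnableFirewall'
    $silent = Get-RegValue -Path $fw -Name 'DisableNotifications'
    New-Finding -Check 'Firewall EnableFirewall'       -Location $fw -Value $enable -Concern ($enable -eq 0)
    New-Finding -Check 'Firewall DisableNotifications' -Location $fw -Value $silent -Concern ($silent -eq 1)
}

# Rows with Concern = True are the ones to fix or explain before calling the machine clean.
Get-ProtectionTamperFinding | Format-Table -AutoSize
```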

Step 1

Upload a File

Download suspicious file packer from here

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

c:\windows\system32\msln.exe

c:\windows\ovoka.dll

c:\windows\odan.exe

c:\windows\system32\sypykyraba.bin

c:\windows\tafa.scr

c:\windows\system32\xuwysor.pif

c:\documents and settings\Monica\Application Data\olynobupac.sys

c:\documents and settings\All Users\Application Data\hovudy.vbs

c:\windows\ludimiwe.exe

c:\windows\idopor.vbs

c:\Program Files\Common Files\coverequru.bin

c:\windows\ohol.sys

Go to spykiller

Please start a new thread Titled File/s for Katana and give the following information

  • Name:-- Your name
  • E-mail:-- Your E-mail (this is confidential and will not be displayed)
  • Subject:-- File for Katana

In the main text window please put the following link

http://www.malwarebytes.org/forums/index.php?showtopic=7989&st=0entry39255

you may also add any comments you wish

then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.

You DO NOT need to be a member to upload, anybody can upload the files

You can now delete SFP (exe and Zip) along with the .cab file that was created

----------------------------------------------------------- -----------------------------------------------------------

Step 2

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

  • When the update is complete, select the Scanner tab

  • Select Perform full scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------

Step 3

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::c:\windows\system32\msln.exec:\windows\ovoka.dllc:\windows\odan.exec:\windows\system32\sypykyraba.binc:\windows\tafa.scrc:\windows\system32\xuwysor.pifc:\documents and settings\Monica\Application Data\olynobupac.sysc:\documents and settings\All Users\Application Data\hovudy.vbsc:\windows\ludimiwe.exec:\windows\idopor.vbsc:\Program Files\Common Files\coverequru.binc:\windows\ohol.sysFolder::


  • Save this as CFScript.txt and place it on your desktop.
    [screenshot: CFScriptb.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------- -----------------------------------------------------------

Step 4

Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on !

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------

Step 5

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • Link To your SpyKiller Topic
  • MalwareBytes Log
  • Combofix Log
  • Kaspersky Log
  • How are things running now ?

Hi Katana,

Here is the information you requested:

SpyKiller Topic Link

http://thespykiller.co.uk/index.php?PHPSES...mp;topic=7433.0

MalwareBytes Log

Malwarebytes' Anti-Malware 1.31

Database version: 1483

Windows 5.1.2600 Service Pack 3

12/10/2008 5:01:50 PM

mbam-log-2008-12-10 (17-01-50).txt

Scan type: Full Scan (C:\|)

Objects scanned: 123917

Time elapsed: 22 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix Log

ComboFix 08-12-09.03 - Monica 2008-12-10 17:14:03.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2530 [GMT -6:00]

Running from: c:\documents and settings\Monica\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))

.

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\Monica\Application Data\SUPERAntiSpyware.com

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-09 11:08 . 2008-12-10 02:37 <DIR> d-------- c:\program files\a-squared Free

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\program files\Foxit Software

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\documents and settings\Monica\Application Data\Foxit

2008-12-08 22:55 . 2008-12-08 22:55 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-08 22:46 . 2008-12-08 22:53 <DIR> d-------- c:\documents and settings\Monica\.SunDownloadManager

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\program files\Avira

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-12-03 02:31 . 2008-12-03 02:31 <DIR> d-------- c:\program files\Trend Micro

2008-12-03 01:49 . 2008-12-03 01:49 <DIR> d-------- c:\program files\Panda Security

2008-12-03 01:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-03 01:35 . 2008-12-09 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-03 01:35 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 01:35 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-03 01:06 . 2008-12-03 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\Monica\Application Data\Malwarebytes

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

2008-11-11 22:22 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 22:22 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 04:29 --------- d-----w c:\program files\Xvid

2008-12-10 04:29 --------- d-----w c:\program files\CA Yahoo! Anti-Spy

2008-12-10 04:29 --------- d-----w c:\program files\AlienGUIse

2008-12-09 17:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-09 16:57 --------- d-----w c:\program files\Java

2008-12-09 04:56 --------- d-----w c:\program files\Common Files\Adobe

2008-12-03 07:24 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-03 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-03 07:03 --------- d-----w c:\program files\Lavasoft

2008-11-19 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-06 05:27 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-06 05:26 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)

2008-11-04 17:57 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-04 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-11-04 14:09 46,640 ----a-w c:\windows\system32\msln.exe

2008-11-04 13:21 19,571 ----a-w c:\windows\ovoka.dll

2008-11-04 13:21 18,110 ----a-w c:\windows\odan.exe

2008-11-04 13:21 17,617 ----a-w c:\windows\system32\sypykyraba.bin

2008-11-04 13:21 15,481 ----a-w c:\windows\tafa.scr

2008-11-04 13:21 15,407 ----a-w c:\windows\system32\xuwysor.pif

2008-11-04 13:21 14,435 ----a-w c:\documents and settings\Monica\Application Data\olynobupac.sys

2008-11-04 13:21 13,781 ----a-w c:\documents and settings\All Users\Application Data\hovudy.vbs

2008-11-04 13:21 13,030 ----a-w c:\windows\ludimiwe.exe

2008-11-04 13:21 11,875 ----a-w c:\windows\idopor.vbs

2008-11-04 13:21 10,997 ----a-w c:\program files\Common Files\coverequru.bin

2008-11-04 13:21 10,352 ----a-w c:\windows\ohol.sys

2008-11-04 13:15 --------- d-----w c:\program files\Common Files\Scanner

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 08:22 --------- d-----w c:\documents and settings\Monica\Application Data\Apple Computer

2008-10-16 08:08 --------- d-----w c:\program files\iTunes

2008-10-16 08:08 --------- d-----w c:\program files\iPod

2008-10-16 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-16 08:07 --------- d-----w c:\program files\QuickTime

2008-10-16 08:07 --------- d-----w c:\program files\Common Files\Apple

2008-10-16 08:07 --------- d-----w c:\program files\Bonjour

2008-10-16 08:04 --------- d-----w c:\program files\Apple Software Update

2008-10-16 06:27 --------- d-----w c:\documents and settings\Monica\Application Data\Yahoo!

2008-10-16 01:53 262,144 ----a-w C:\ntuser.dat

2008-10-11 04:36 --------- d-----w c:\program files\Common Files\DAZ

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-07-08 23:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070820080709\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-12-09_22.44.40.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll

+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll

+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll

- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe

- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2004-10-11 15:20:30 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-10 15:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-10-17 08:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2004-10-11 15:20:32 1,026,048 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll

+ 2008-06-10 17:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-10 17:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll

- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2004-10-11 15:20:30 96,768 ----a-w c:\windows\system32\logagent.exe

+ 2008-06-10 15:17:42 96,768 ----a-w c:\windows\system32\logagent.exe

- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-10-17 08:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

- 2008-07-11 12:42:28 62,976 ------w c:\windows\system32\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe

- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2004-10-11 15:20:32 1,026,048 ----a-w c:\windows\system32\wmnetmgr.dll

+ 2008-06-10 17:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-10 17:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll

+ 2008-12-10 22:20:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_94.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 122880]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-06-04 188416]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]

"nwiz"="nwiz.exe" [2007-02-23 c:\windows\system32\nwiz.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-23 c:\windows\system32\CTXFIHLP.EXE]

"CTHelper"="CTHELPER.EXE" [2006-05-23 c:\windows\CTHELPER.EXE]

c:\documents and settings\Monica\Start Menu\Programs\Startup\

WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-07-22 44384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 21:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

.

Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-10 17:14:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\AlienGUIse\fastload.dll

.

Completion time: 2008-12-10 17:15:32

ComboFix-quarantined-files.txt 2008-12-10 23:15:19

ComboFix2.txt 2008-12-10 04:45:04

Pre-Run: 434,459,377,664 bytes free

Post-Run: 434,446,667,776 bytes free

340 --- E O F --- 2008-12-10 12:04:40

Kaspersky Log

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, December 10, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, December 10, 2008 21:03:38

Records in database: 1450448

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 79572

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 00:47:07

No malware has been detected. The scan area is clean.

The selected area was scanned.

I did have some problems with ComboFix. I received a message that stated that there was a newer version of ComboFix and asked if I wanted to update. I selected yes and it failed and started running the current version on my computer. Then Avira popped up. I had turned it off for another scan and didn't realize it started automatically after reboot. I closed out ComboFix, turned off Avira and started ComboFix again. I wasn't sure if this would compromise the scan.

Everything seems to be working fine, though that's one of the reasons I've been a bit paranoid. After getting rid of parts of the initial virus that blocked internet access to sites other than their fake program and the plethora of pop-ups, the computer was running fine, but I kept finding spyware and viruses with each new anti-spyware or antivirus program. I've been particularly worried about keyloggers because I bank and pay bills online and don't want anyone to have my financial information. I also play EQII, which is an MMORPG. This may sound silly, but as a senior guild officer with all kinds of access it would be bad if someone was able to hack my account.

Thanks for your help.

~Zoo

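The Find3M report in the ComboFix log above is what lets a helper pick out the twelve paths that end up in the CFScript: eleven executable-type files with random-looking names were written in the same minute (2008-11-04 13:21) straight into c:\windows, the Application Data roots and Common Files, with extensions (.pif, .bin, .sys, .vbs, .scr) that do not belong in those places. The following Python script is an added triage example, not code from this thread, from ComboFix or from Malwarebytes: it parses lines in the Find3M layout and flags entries that are part of a same-minute batch and also sit in an odd location or carry an out-of-place extension. The sample lines are constructed in the shape of the log above, and the thresholds and location rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the ComboFix "Find3M Report" layout:
# "YYYY-MM-DD HH:MM  size-or-dashes  attribute-flags  path".
# It mixes the dropped-file batch from the log above with ordinary
# Windows Update and Picasa entries so the heuristic has something to ignore.
SAMPLE_FIND3M = r"""
2008-11-17 14:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-11-04 17:57 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-04 14:09 46,640 ----a-w c:\windows\system32\msln.exe
2008-11-04 13:21 19,571 ----a-w c:\windows\ovoka.dll
2008-11-04 13:21 18,110 ----a-w c:\windows\odan.exe
2008-11-04 13:21 17,617 ----a-w c:\windows\system32\sypykyraba.bin
2008-11-04 13:21 15,481 ----a-w c:\windows\tafa.scr
2008-11-04 13:21 15,407 ----a-w c:\windows\system32\xuwysor.pif
2008-11-04 13:21 14,435 ----a-w c:\documents and settings\Monica\Application Data\olynobupac.sys
2008-11-04 13:21 13,781 ----a-w c:\documents and settings\All Users\Application Data\hovudy.vbs
2008-11-04 13:21 13,030 ----a-w c:\windows\ludimiwe.exe
2008-11-04 13:21 11,875 ----a-w c:\windows\idopor.vbs
2008-11-04 13:21 10,997 ----a-w c:\program files\Common Files\coverequru.bin
2008-11-04 13:21 10,352 ----a-w c:\windows\ohol.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
"""

FIND3M_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{9}|[\d,]+)\s+"
    r"(?P<flags>[-a-z]{7})\s+"
    r"(?P<path>.+?)\s*$"
)

# Extensions that execute or get loaded (assumed set for this example).
EXEC_EXTS = {"exe", "dll", "scr", "pif", "sys", "vbs", "bin", "com"}
# Extensions that are not normal residents anywhere under c:\windows.
ODD_UNDER_WINDOWS = {"pif", "scr", "bin", "vbs"}
# How many executable-type files must share one minute to count as a batch.
MIN_CLUSTER = 3


def parse_find3m(text):
    """Return file entries (directories are skipped) as dicts."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if not m or m.group("flags").startswith("d") or m.group("size") == "---------":
            continue  # not a Find3M line, or a directory entry
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        entries.append({"ts": m.group("ts"), "path": path, "ext": ext,
                        "size": int(m.group("size").replace(",", ""))})
    return entries


def is_loose_location(path_lower):
    """File dropped directly into c:\\windows, an Application Data root or Common Files."""
    parent = path_lower.rsplit("\\", 1)[0]
    return (parent == r"c:\windows"
            or parent.endswith(r"\application data")
            or parent.endswith(r"\common files"))


def is_odd_extension_for_location(path_lower, ext):
    """Extension that does not fit the path: .pif/.bin under c:\\windows, .sys outside drivers."""
    if ext in ODD_UNDER_WINDOWS and path_lower.startswith("c:\\windows\\"):
        return True
    return ext == "sys" and "\\drivers\\" not in path_lower


def triage_find3m(text, min_cluster=MIN_CLUSTER):
    """Return {path: [reasons]} for entries that look like a dropped-file batch.

    A file is flagged only when it belongs to a same-minute batch AND is either
    in a loose location or carries an out-of-place extension; a batch alone
    (e.g. a Windows Update run in system32) is not enough."""
    entries = [e for e in parse_find3m(text) if e["ext"] in EXEC_EXTS]
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["ts"]].append(e)
    flagged = {}
    for e in entries:
        cluster = by_minute[e["ts"]]
        if len(cluster) < min_cluster:
            continue
        reasons = [f"{len(cluster)} executable-type files written at {e['ts']}"]
        p = e["path"].lower()
        if is_loose_location(p):
            reasons.append("sits directly in a root/Application Data/Common Files folder")
        if is_odd_extension_for_location(p, e["ext"]):
            reasons.append(f".{e['ext']} is out of place for this path")
        if len(reasons) > 1:
            flagged[e["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_find3m(SAMPLE_FIND3M).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags exactly the eleven 13:21 files and leaves the three Windows Update files written at 20:09 alone, because a batch in system32 with normal extensions is what a patch run looks like. It does not flag c:\windows\system32\msln.exe, which sits in a normal place with a normal extension and its own timestamp, even though the helper included it in the CFScript; that gap is the point of the caveat: a script like this narrows the list, and the analyst still decides from the rest of the evidence.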

Download and Run ComboFix

Please delete the copy of ComboFix that you have and download an updated copy from one of the links below

ComboFix.exe 1
ComboFix.exe 2
ComboFix.exe 3
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Killall::
    File::
    c:\windows\system32\msln.exe
    c:\windows\ovoka.dll
    c:\windows\odan.exe
    c:\windows\system32\sypykyraba.bin
    c:\windows\tafa.scr
    c:\windows\system32\xuwysor.pif
    c:\documents and settings\Monica\Application Data\olynobupac.sys
    c:\documents and settings\All Users\Application Data\hovudy.vbs
    c:\windows\ludimiwe.exe
    c:\windows\idopor.vbs
    c:\Program Files\Common Files\coverequru.bin
    c:\windows\ohol.sys
    Folder::


  • Save this as CFScript.txt and place it on your desktop.
    [screenshot: CFScriptb.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

How are things now, any problems still?

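As an added example (not code from this thread, from Malwarebytes or from ComboFix), the script below parses a CFScript of the shape the helper posted and then reads a ComboFix log's "Other Deletions" block to confirm that every path listed under File:: was actually removed. The CFScript text and the log excerpt embedded in it are constructed from the entries in this thread. The reading of the CFScript format (one bare `Name::` directive per line, owning every line until the next directive) is an assumption taken from the script as posted, and the path comparison is case-insensitive because the log does not preserve the case of the scripted paths (the script says `c:\Program Files`, the log says `c:\program files`).

```python
r"""Parse a ComboFix CFScript and confirm from the ComboFix log that every
scripted file was removed.  Added example for this thread, not ComboFix's own
code.  The CFScript and log excerpt below are constructed from the entries
posted in the thread."""

import re
from typing import Dict, List

# Constructed: the helper's CFScript with the line breaks restored.
SAMPLE_CFSCRIPT = r"""
Killall::
File::
c:\windows\system32\msln.exe
c:\windows\ovoka.dll
c:\windows\odan.exe
c:\windows\system32\sypykyraba.bin
c:\windows\tafa.scr
c:\windows\system32\xuwysor.pif
c:\documents and settings\Monica\Application Data\olynobupac.sys
c:\documents and settings\All Users\Application Data\hovudy.vbs
c:\windows\ludimiwe.exe
c:\windows\idopor.vbs
c:\Program Files\Common Files\coverequru.bin
c:\windows\ohol.sys
Folder::
"""

# Constructed: the "Other Deletions" block of the ComboFix log and the banner
# that follows it, laid out the way ComboFix prints them.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hovudy.vbs
c:\documents and settings\Monica\Application Data\olynobupac.sys
c:\program files\Common Files\coverequru.bin
c:\windows\idopor.vbs
c:\windows\ludimiwe.exe
c:\windows\odan.exe
c:\windows\ohol.sys
c:\windows\ovoka.dll
c:\windows\system32\msln.exe
c:\windows\system32\sypykyraba.bin
c:\windows\system32\xuwysor.pif
c:\windows\tafa.scr
.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
"""

# Assumed from the posted script: a directive is a bare word followed by "::"
# on its own line, and it owns every non-blank line until the next directive.
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [entries]} with directive names lower-cased."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def deleted_paths(log: str) -> set:
    """Paths ComboFix reports under its 'Other Deletions' banner, lower-cased.
    The block ends at the next '((((' banner; '.' lines are separators."""
    found, inside = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if "Other Deletions" in line:
            inside = True
        elif inside and line.startswith("(((("):
            break
        elif inside and line and line != ".":
            found.add(line.lower())
    return found


def verify_cleanup(cfscript: str, log: str) -> Dict[str, List[str]]:
    """Split the File:: entries into those the log confirms deleted and those
    it does not.  Compared case-insensitively (see the lead-in)."""
    scripted = parse_cfscript(cfscript).get("file", [])
    gone = deleted_paths(log)
    removed = [p for p in scripted if p.lower() in gone]
    missing = [p for p in scripted if p.lower() not in gone]
    return {"removed": removed, "missing": missing}


if __name__ == "__main__":
    result = verify_cleanup(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print(f"{len(result['removed'])} scripted files confirmed deleted")
    print("not confirmed deleted:", result["missing"] or "none")
```

Any path that shows up under "missing" is the one to chase in the next log: either ComboFix could not delete it, or the File:: entry did not match the real path on disk.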

Here is the log you requested:

ComboFix Log

ComboFix 08-12-09.03 - Monica 2008-12-11 6:34:44.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2527 [GMT -6:00]

Running from: c:\documents and settings\Monica\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Monica\Desktop\CFScript.txt

* Created a new restore point

FILE ::

c:\documents and settings\All Users\Application Data\hovudy.vbs

c:\documents and settings\Monica\Application Data\olynobupac.sys

c:\program files\Common Files\coverequru.bin

c:\windows\idopor.vbs

c:\windows\ludimiwe.exe

c:\windows\odan.exe

c:\windows\ohol.sys

c:\windows\ovoka.dll

c:\windows\system32\msln.exe

c:\windows\system32\sypykyraba.bin

c:\windows\system32\xuwysor.pif

c:\windows\tafa.scr

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\hovudy.vbs

c:\documents and settings\Monica\Application Data\olynobupac.sys

c:\program files\Common Files\coverequru.bin

c:\windows\idopor.vbs

c:\windows\ludimiwe.exe

c:\windows\odan.exe

c:\windows\ohol.sys

c:\windows\ovoka.dll

c:\windows\system32\msln.exe

c:\windows\system32\sypykyraba.bin

c:\windows\system32\xuwysor.pif

c:\windows\tafa.scr

.

((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))

.

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\Monica\Application Data\SUPERAntiSpyware.com

2008-12-09 11:18 . 2008-12-09 11:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-09 11:08 . 2008-12-10 02:37 <DIR> d-------- c:\program files\a-squared Free

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\program files\Foxit Software

2008-12-08 22:59 . 2008-12-08 22:59 <DIR> d-------- c:\documents and settings\Monica\Application Data\Foxit

2008-12-08 22:55 . 2008-12-08 22:55 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-08 22:46 . 2008-12-08 22:53 <DIR> d-------- c:\documents and settings\Monica\.SunDownloadManager

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\program files\Avira

2008-12-08 21:57 . 2008-12-08 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-12-03 02:31 . 2008-12-03 02:31 <DIR> d-------- c:\program files\Trend Micro

2008-12-03 01:49 . 2008-12-03 01:49 <DIR> d-------- c:\program files\Panda Security

2008-12-03 01:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-03 01:35 . 2008-12-09 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-03 01:35 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 01:35 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-03 01:06 . 2008-12-03 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\Monica\Application Data\Malwarebytes

2008-12-01 15:22 . 2008-12-01 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

2008-11-11 22:22 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 22:22 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 04:29 --------- d-----w c:\program files\Xvid

2008-12-10 04:29 --------- d-----w c:\program files\CA Yahoo! Anti-Spy

2008-12-10 04:29 --------- d-----w c:\program files\AlienGUIse

2008-12-09 17:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-09 16:57 --------- d-----w c:\program files\Java

2008-12-09 04:56 --------- d-----w c:\program files\Common Files\Adobe

2008-12-03 07:24 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-03 07:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-03 07:03 --------- d-----w c:\program files\Lavasoft

2008-11-19 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-06 05:27 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-06 05:26 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)

2008-11-04 17:57 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-04 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-11-04 13:15 --------- d-----w c:\program files\Common Files\Scanner

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 08:22 --------- d-----w c:\documents and settings\Monica\Application Data\Apple Computer

2008-10-16 08:08 --------- d-----w c:\program files\iTunes

2008-10-16 08:08 --------- d-----w c:\program files\iPod

2008-10-16 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-16 08:07 --------- d-----w c:\program files\QuickTime

2008-10-16 08:07 --------- d-----w c:\program files\Common Files\Apple

2008-10-16 08:07 --------- d-----w c:\program files\Bonjour

2008-10-16 08:04 --------- d-----w c:\program files\Apple Software Update

2008-10-16 06:27 --------- d-----w c:\documents and settings\Monica\Application Data\Yahoo!

2008-10-16 01:53 262,144 ----a-w C:\ntuser.dat

2008-10-11 04:36 --------- d-----w c:\program files\Common Files\DAZ

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-07-08 23:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070820080709\index.dat

.

((((((((((((((((((((((((((((( snapshot_2008-12-10_17.15.07.65 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe

+ 2008-12-11 12:37:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_154.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 122880]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-06-04 188416]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]

"nwiz"="nwiz.exe" [2007-02-23 c:\windows\system32\nwiz.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-23 c:\windows\system32\CTXFIHLP.EXE]

"CTHelper"="CTHELPER.EXE" [2006-05-23 c:\windows\CTHELPER.EXE]

c:\documents and settings\Monica\Start Menu\Programs\Startup\

WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-07-22 44384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 21:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

.

Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-11 06:37:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\AlienGUIse\fastload.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\CTXFISPI.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-12-11 6:39:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-11 12:39:47

ComboFix2.txt 2008-12-10 23:15:33

ComboFix3.txt 2008-12-10 04:45:04

Pre-Run: 434,337,947,648 bytes free

Post-Run: 434,380,345,344 bytes free

217 --- E O F --- 2008-12-11 09:01:03

The system seems to be running fine.

Thanks so much.

~Zoo


Congratulations, your logs look clean.

Let's see if I can help you keep it that way.

First, let's tidy up.

Please delete RSIT.exe and C:\RSIT (entire folder)

You can also delete any logs we have produced, and empty your Recycle bin.

  • Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Hi Katana,

I uninstalled ComboFix. The other program had already been deleted from a previous post. Everything seems to be working fine and all the anti-spyware and antivirus scans came back clean.

Thanks for your help! All of your time and effort are much appreciated.

Cheers!

~Zoo

