Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

CAnnot remove malicious hosts

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

CAnnot remove malicious hosts

Unread postby tezmanian » September 16th, 2009, 5:50 pm

Unable to use HiJack This or manual notepad method to remove O1 hosts (aprox 100 of them). You worked with me before when I incorrectly titled my post "Firefox Redirects." That post is closed, but reviewing it may help determine what the issue is. Here' the most current HJT log. Thanks in advance for your help.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:39 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 206.53.61.77 google.com.jm
O1 - Hosts: 206.53.61.77 google.com.mx
O1 - Hosts: 206.53.61.77 google.com.my
O1 - Hosts: 206.53.61.77 google.com.na
O1 - Hosts: 206.53.61.77 google.com.nf
O1 - Hosts: 206.53.61.77 google.com.ng
O1 - Hosts: 206.53.61.77 google.ch
O1 - Hosts: 206.53.61.77 google.com.np
O1 - Hosts: 206.53.61.77 google.com.pr
O1 - Hosts: 206.53.61.77 google.com.qa
O1 - Hosts: 206.53.61.77 google.com.sg
O1 - Hosts: 206.53.61.77 google.com.tj
O1 - Hosts: 206.53.61.77 google.com.tw
O1 - Hosts: 206.53.61.77 google.dj
O1 - Hosts: 206.53.61.77 google.de
O1 - Hosts: 206.53.61.77 google.dk
O1 - Hosts: 206.53.61.77 google.dm
O1 - Hosts: 206.53.61.77 google.ee
O1 - Hosts: 206.53.61.77 google.fi
O1 - Hosts: 206.53.61.77 google.fm
O1 - Hosts: 206.53.61.77 google.fr
O1 - Hosts: 206.53.61.77 google.ge
O1 - Hosts: 206.53.61.77 google.gg
O1 - Hosts: 206.53.61.77 google.gm
O1 - Hosts: 206.53.61.77 google.gr
O1 - Hosts: 206.53.61.77 google.ht
O1 - Hosts: 206.53.61.77 google.ie
O1 - Hosts: 206.53.61.77 google.im
O1 - Hosts: 206.53.61.77 google.in
O1 - Hosts: 206.53.61.77 google.it
O1 - Hosts: 206.53.61.77 google.ki
O1 - Hosts: 206.53.61.77 google.la
O1 - Hosts: 206.53.61.77 google.li
O1 - Hosts: 206.53.61.77 google.lv
O1 - Hosts: 206.53.61.77 google.ma
O1 - Hosts: 206.53.61.77 google.ms
O1 - Hosts: 206.53.61.77 google.mu
O1 - Hosts: 206.53.61.77 google.mw
O1 - Hosts: 206.53.61.77 google.nl
O1 - Hosts: 206.53.61.77 google.no
O1 - Hosts: 206.53.61.77 google.nr
O1 - Hosts: 206.53.61.77 google.nu
O1 - Hosts: 206.53.61.77 google.pl
O1 - Hosts: 206.53.61.77 google.pn
O1 - Hosts: 206.53.61.77 google.pt
O1 - Hosts: 206.53.61.77 google.ro
O1 - Hosts: 206.53.61.77 google.ru
O1 - Hosts: 206.53.61.77 google.rw
O1 - Hosts: 206.53.61.77 google.sc
O1 - Hosts: 206.53.61.77 google.se
O1 - Hosts: 206.53.61.77 google.sh
O1 - Hosts: 206.53.61.77 google.si
O1 - Hosts: 206.53.61.77 google.sm
O1 - Hosts: 206.53.61.77 google.sn
O1 - Hosts: 206.53.61.77 google.st
O1 - Hosts: 206.53.61.77 google.tl
O1 - Hosts: 206.53.61.77 google.tm
O1 - Hosts: 206.53.61.77 google.tt
O1 - Hosts: 206.53.61.77 google.us
O1 - Hosts: 206.53.61.77 google.vu
O1 - Hosts: 206.53.61.77 google.ws
O1 - Hosts: 206.53.61.77 google.co.ck
O1 - Hosts: 206.53.61.77 google.co.id
O1 - Hosts: 206.53.61.77 google.co.il
O1 - Hosts: 206.53.61.77 google.co.in
O1 - Hosts: 206.53.61.77 google.co.jp
O1 - Hosts: 206.53.61.77 google.co.kr
O1 - Hosts: 206.53.61.77 google.co.ls
O1 - Hosts: 206.53.61.77 google.co.ma
O1 - Hosts: 206.53.61.77 google.co.nz
O1 - Hosts: 206.53.61.77 google.co.tz
O1 - Hosts: 206.53.61.77 google.co.ug
O1 - Hosts: 206.53.61.77 google.co.uk
O1 - Hosts: 206.53.61.77 google.co.za
O1 - Hosts: 206.53.61.77 google.co.zm
O1 - Hosts: 206.53.61.77 google.com
O1 - Hosts: 206.53.61.77 google.com.af
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [Fast Antivirus 2009] "C:\Documents and Settings\All Users\Application Data\7d7ba9d\EX7d7b.exe" /s /d (User 'Mimi')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://reports.longandfoster.com/ScriptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27F3D5C7-9440-410F-AEDA-E37456121070} (eXcelerate.Synchronize) - http://x.longandfoster.com/Xcelerate/Ac ... lerate.CAB
O16 - DPF: {475E5A2B-6EAC-4EA3-880A-55207CB012B5} (CMA_X Class) - http://wucma.wyldfyre.com/xbin/CMAX.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4948905531
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.auctionplayer.com/members/I ... oader3.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c986402a70f1e6) (gupdate1c986402a70f1e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.naturalbodybuilding.com/pictures2/NO011.JPG

--
End of file - 16289 bytes
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am
Advertisement
Register to Remove

Re: CAnnot remove malicious hosts

Unread postby MWR 3 day Mod » September 20th, 2009, 4:52 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 20th, 2009, 3:57 pm

Hi tezmanian. :)

You left my esteemed colleague in the lurch so to speak here last time. If you really wish for assistance I suggest you see this thru otherwise it will be a complete waste of my time and yours. When I could be assisting other individuals.

I am willing to help you with the malware problems but only as aforementioned you do not waste my time. Please let myself know if you really want assistance, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 21st, 2009, 8:06 pm

I meant no ill will to your esteemed colleague. I am undergoing a medical issue which keeps me from the computer for about 4 out of 7 days per week and sometimes I cannot really use proficiently during the other 3--but I am trying. Because the last medical procedure was lengthy, I was unable to follow up with your colleague within the 3 days of his offered help. I am now uncertain of the status of some Windows and security settings, so do not wish to proceed without help and guidance.

I will pay attention and follow instructions. If we are to be interrupted for any reason, I will do my best to so notify you.

Thank you for any help you can provide.
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 22nd, 2009, 6:46 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi tezmanian and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

OK your explanation is acceptable and I sincerely hope you make both a full and speedy recovery. In the light of what you have informed myself I will make allowances. When you know you are going to be unable to be online if you could inform myself prior it will be of assistance and I am prepared to leave the topic open longer if required.

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes
Explorer.EXE

[Purity]
[EmptyTemp]
[ResetHosts]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • OTM Log.
  • Malwarebytes' Anti-Malware Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 22nd, 2009, 3:55 pm

Thank you very much for your willingness to continue to help me. I will be available today ; tomorrow belongs to doctors.

Computer is running as before--no change that I can detect. I will send by separate email a screenshot of the first RSIT message regarding hosts. I have been unable to manually delete the o1 hosts in all previous attempts.

All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
No active process named [Purity] was found!
No active process named [EmptyTemp] was found!
No active process named [ResetHosts] was found!
No active process named [Start Explorer] was found!
No active process named [Reboot] was found!

OTM by OldTimer - Version 3.0.0.6 log created on 09222009_150123

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.41
Database version: 2844
Windows 5.1.2600 Service Pack 3

9/22/2009 3:38:00 PM
mbam-log-2009-09-22 (15-38-00).txt

Scan type: Quick Scan
Objects scanned: 119422
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tez at 2009-09-22 15:41:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (50%) free of 73 GB
Total RAM: 2559 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:51 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tez\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tez.exe
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 22nd, 2009, 3:57 pm

info.txt logfile of random's system information tool 1.06 2009-09-22 15:46:54

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AirStrike II: Gulf Thunder DEMO-->"C:\Program Files\AirStrike II Gulf Thunder DEMO\uninstall.exe"
AirStrike3D II Demo-->"C:\Program Files\AirStrike3D II Demo\uninstall.exe"
Alien Stars-->"C:\Program Files\Alien Stars\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aquitania-->"C:\Program Files\Aquitania\uninstall.exe"
Astro Avenger 1.55-->"C:\Program Files\Astro Avenger 1.55\uninstall.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BattleMan-->C:\Program Files\BattleMan\uninstall.exe
Bob the Builder - Bob Builds a Park Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49A8B3D9-71D7-4A8B-937C-ECB7DCE53A32}\SETUP.EXE" -l0x9
Bombardix-->"C:\Program Files\Bombardix\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
CosmoLines-->"C:\Program Files\CosmoLines\uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EOL Universal Printer Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD4776A5-A39D-4208-AC34-AF4373C81967}\Setup.exe" /u
FormViewer-->C:\Program Files\InstallShield Installation Information\{58E6A969-8215-4ABC-BD73-FCB25EA6F544}\setup.exe -runfromtemp -l0x0409
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Luxor 3-->"C:\Program Files\Luxor 3\ReflexiveArcade\unins000.exe"
Luxor Quest For The Afterlife-->"C:\Program Files\Luxor Quest For The Afterlife\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Monster Truck Madness-->C:\Program Files\Microsoft Games\Monster Truck Madness\setup\setup.exe /Z customui.dll
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000-->"C:\Program Files\Microsoft Office\Office\Setup\PhotoDraw\setup.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyIdentityDefender Toolbar (CyberDefender Corporation)-->C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
Nero 7 Ultra Edition-->MsiExec.exe /I{E57D365C-BB31-4288-83EC-5F4EF2D11033}
Nero PhotoShow Express 4-->"C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PacBoy-->C:\Program Files\PacBoy\uninstall.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SanDisk USB SSFDC Ver 1.01 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C4BCAD9-DFD8-11D3-A9EA-00C0F6410581}\setup.exe" -L0x9
Scholastic's I SPY Treasure Hunt-->C:\PROGRA~1\SCHOLA~1\ISPYTR~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYTR~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Defender 2-->"C:\Program Files\Star Defender 2\uninstall.exe"
Star Defender 3-->"C:\Program Files\Star Defender 3\uninstall.exe"
Star Defender 4-->"C:\Program Files\Star Defender 4\uninstall.exe"
Star Defender-->"C:\Program Files\Star Defender\uninstall.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Urban Strike-->"C:\Program Files\Urban Strike\unins000.exe"
USB Storage Driver-->DelUIDrv.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

=====HijackThis Backups=====

O1 - Hosts: 206.53.61.77 google.nu [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getavplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.pr [2009-09-16]
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.id [2009-09-16]
O1 - Hosts: 74.125.45.100 test1112.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.gh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.il [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ge [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.jp [2009-09-16]
O1 - Hosts: 206.53.61.77 google.vu [2009-09-16]
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.cd [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ls [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ro [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.us [2009-09-16]
O1 - Hosts: 206.53.61.77 google.im [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.nf [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gr [2009-09-16]
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ru [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.uk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sc [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ht [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ee [2009-09-16]
O1 - Hosts: 206.53.61.77 google.no [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fi [2009-09-16]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ie [2009-09-16]
O1 - Hosts: 206.53.61.77 google.la [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.kr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.nz [2009-09-16]
O1 - Hosts: 206.53.61.77 google.li [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.jm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ms [2009-09-16]
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.my [2009-09-16]
O1 - Hosts: 206.53.61.77 google.se [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.qa [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ck [2009-09-16]
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.zm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.za [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.hk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ki [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.mx [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.tz [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.at [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ws [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ba [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.ng [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ch [2009-09-16]
O1 - Hosts: 206.53.61.77 google.si [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ug [2009-09-16]
O1 - Hosts: 206.53.61.77 google.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.be [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ae [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.rw [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.af [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ca [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.sg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.de [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.lv [2009-09-16]
O1 - Hosts: 206.53.61.77 google.it [2009-09-16]
O1 - Hosts: 206.53.61.77 google.st [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.np [2009-09-16]
O1 - Hosts: 74.125.45.100 4-open-davinci.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.na [2009-09-16]
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.az [2009-09-16]
O1 - Hosts: 206.53.61.77 google.as [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bs [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.rw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fr [2009-09-16]
O1 - Hosts: 74.125.45.100 test1112.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.qa [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ki [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.il [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.za [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ws [2009-09-16]
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.no [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.jp [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sm [2009-09-16]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ug [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ge [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.zm [2009-09-16]
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ls [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.cd [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.hk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ca [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.sg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ae [2009-09-16]
O1 - Hosts: 206.53.61.77 google.az [2009-09-16]
O1 - Hosts: 206.53.61.77 google.de [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.mx [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.si [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.na [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.in [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getavplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.im [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.uk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.nz [2009-09-16]
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fi [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.jm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.us [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.kr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ro [2009-09-16]
O1 - Hosts: 206.53.61.77 google.li [2009-09-16]
O1 - Hosts: 206.53.61.77 google.st [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ba [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.la [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.ng [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gg [2009-09-16]
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.tz [2009-09-16]
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ht [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.se [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sc [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.id [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bs [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ms [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.it [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nu [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.af [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ie [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.my [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ch [2009-09-16]
O1 - Hosts: 206.53.61.77 google.be [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.gh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.pr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ru [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ck [2009-09-16]
O1 - Hosts: 206.53.61.77 google.lv [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.as [2009-09-16]
O1 - Hosts: 206.53.61.77 google.at [2009-09-16]
O1 - Hosts: 206.53.61.77 google.vu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.nf [2009-09-16]
O1 - Hosts: 74.125.45.100 4-open-davinci.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.np [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ee [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pn [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]

======Hosts File======

74.125.45.100 test1111.com
74.125.45.100 test1112.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com

======Security center information======

AV: Fast Antivirus 2009
AV: avast! antivirus 4.8.1351 [VPS 090921-0]
AV: Sunbelt VIPRE (disabled) (outdated)
FW: Fast Antivirus 2009

======System event log======

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11069
Source Name: DCOM
Time Written: 20090109135621.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814} as /.
The error:
"%233"
Happened while starting this command:
"c:\PROGRA~1\mcafee\msc\mcuimgr.exe" -Embedding

Record Number: 11068
Source Name: DCOM
Time Written: 20090109135619.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11067
Source Name: DCOM
Time Written: 20090109135609.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11066
Source Name: DCOM
Time Written: 20090109135558.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11064
Source Name: DCOM
Time Written: 20090109135537.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DDNMQG51
Event Code: 1000
Message: Faulting application stardefender.exe, version 0.0.0.0, faulting module stardefender.exe, version 0.0.0.0, fault address 0x00029a9e.

Record Number: 20
Source Name: Application Error
Time Written: 20090223111305.000000-300
Event Type: error
User:

Computer Name: DDNMQG51
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 17
Source Name: EventSystem
Time Written: 20090223094155.000000-300
Event Type: warning
User:

Computer Name: DDNMQG51
Event Code: 1517
Message: Windows saved user DDNMQG51\Tez registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10
Source Name: Userenv
Time Written: 20090222193432.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 9
Source Name: Userenv
Time Written: 20090222193431.000000-300
Event Type: warning
User: DDNMQG51\Tez

Computer Name: DDNMQG51
Event Code: 1000
Message: Faulting application stardefender.exe, version 0.0.0.0, faulting module stardefender.exe, version 0.0.0.0, fault address 0x00029a9e.

Record Number: 8
Source Name: Application Error
Time Written: 20090222133532.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.3.002
"SESSIONID"=1107634070006htx69311e9eb:101fa6b6c4f:-31f1
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-11
"UPDATEDIR"=C:\DOCUME~1\Mimi\LOCALS~1\Temp\rad32941.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 22nd, 2009, 4:03 pm

Here's the message regarding o1 hosts. So far, no joy in all attempts to delete (neither HJT nor manual deletion is permitted). Is it possible that we made the hosts file a read only at some point in earlier repair attempts, and, if so, is there an easy way to check setting?

Thanks.
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 23rd, 2009, 8:56 am

Hi. :)

Thank you very much for your willingness to continue to help me. I will be available today ; tomorrow belongs to doctors.
You're welcome and hope all goes well at the doctors.

Here's the message regarding o1 hosts. So far, no joy in all attempts to delete (neither HJT nor manual deletion is permitted). Is it possible that we made the hosts file a read only at some point in earlier repair attempts, and, if so, is there an easy way to check setting?
Not a problem we can address this in due course.

The RSIT log.txt posted is incomplete and it is not on the Desktop. It is currently residing in this location:
C:\Documents and Settings\Tez\My Documents\Downloads\RSIT.exe
Please move RSIT.exe to the desktop. Reason being, it needs to be on the desktop is so no inaccurate logs are created.

Next:

Please make sure that RSIT.exe on the Desktop.(if not inform myself straight away please)

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 23rd, 2009, 9:26 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tez at 2009-09-23 09:22:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (50%) free of 73 GB
Total RAM: 2559 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:19 AM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Tez\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\Tez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 206.53.61.77 google.com.jm
O1 - Hosts: 206.53.61.77 google.com.mx
O1 - Hosts: 206.53.61.77 google.com.my
O1 - Hosts: 206.53.61.77 google.com.na
O1 - Hosts: 206.53.61.77 google.com.nf
O1 - Hosts: 206.53.61.77 google.com.ng
O1 - Hosts: 206.53.61.77 google.ch
O1 - Hosts: 206.53.61.77 google.com.np
O1 - Hosts: 206.53.61.77 google.com.pr
O1 - Hosts: 206.53.61.77 google.com.qa
O1 - Hosts: 206.53.61.77 google.com.sg
O1 - Hosts: 206.53.61.77 google.com.tj
O1 - Hosts: 206.53.61.77 google.com.tw
O1 - Hosts: 206.53.61.77 google.dj
O1 - Hosts: 206.53.61.77 google.de
O1 - Hosts: 206.53.61.77 google.dk
O1 - Hosts: 206.53.61.77 google.dm
O1 - Hosts: 206.53.61.77 google.ee
O1 - Hosts: 206.53.61.77 google.fi
O1 - Hosts: 206.53.61.77 google.fm
O1 - Hosts: 206.53.61.77 google.fr
O1 - Hosts: 206.53.61.77 google.ge
O1 - Hosts: 206.53.61.77 google.gg
O1 - Hosts: 206.53.61.77 google.gm
O1 - Hosts: 206.53.61.77 google.gr
O1 - Hosts: 206.53.61.77 google.ht
O1 - Hosts: 206.53.61.77 google.ie
O1 - Hosts: 206.53.61.77 google.im
O1 - Hosts: 206.53.61.77 google.in
O1 - Hosts: 206.53.61.77 google.it
O1 - Hosts: 206.53.61.77 google.ki
O1 - Hosts: 206.53.61.77 google.la
O1 - Hosts: 206.53.61.77 google.li
O1 - Hosts: 206.53.61.77 google.lv
O1 - Hosts: 206.53.61.77 google.ma
O1 - Hosts: 206.53.61.77 google.ms
O1 - Hosts: 206.53.61.77 google.mu
O1 - Hosts: 206.53.61.77 google.mw
O1 - Hosts: 206.53.61.77 google.nl
O1 - Hosts: 206.53.61.77 google.no
O1 - Hosts: 206.53.61.77 google.nr
O1 - Hosts: 206.53.61.77 google.nu
O1 - Hosts: 206.53.61.77 google.pl
O1 - Hosts: 206.53.61.77 google.pn
O1 - Hosts: 206.53.61.77 google.pt
O1 - Hosts: 206.53.61.77 google.ro
O1 - Hosts: 206.53.61.77 google.ru
O1 - Hosts: 206.53.61.77 google.rw
O1 - Hosts: 206.53.61.77 google.sc
O1 - Hosts: 206.53.61.77 google.se
O1 - Hosts: 206.53.61.77 google.sh
O1 - Hosts: 206.53.61.77 google.si
O1 - Hosts: 206.53.61.77 google.sm
O1 - Hosts: 206.53.61.77 google.sn
O1 - Hosts: 206.53.61.77 google.st
O1 - Hosts: 206.53.61.77 google.tl
O1 - Hosts: 206.53.61.77 google.tm
O1 - Hosts: 206.53.61.77 google.tt
O1 - Hosts: 206.53.61.77 google.us
O1 - Hosts: 206.53.61.77 google.vu
O1 - Hosts: 206.53.61.77 google.ws
O1 - Hosts: 206.53.61.77 google.co.ck
O1 - Hosts: 206.53.61.77 google.co.id
O1 - Hosts: 206.53.61.77 google.co.il
O1 - Hosts: 206.53.61.77 google.co.in
O1 - Hosts: 206.53.61.77 google.co.jp
O1 - Hosts: 206.53.61.77 google.co.kr
O1 - Hosts: 206.53.61.77 google.co.ls
O1 - Hosts: 206.53.61.77 google.co.ma
O1 - Hosts: 206.53.61.77 google.co.nz
O1 - Hosts: 206.53.61.77 google.co.tz
O1 - Hosts: 206.53.61.77 google.co.ug
O1 - Hosts: 206.53.61.77 google.co.uk
O1 - Hosts: 206.53.61.77 google.co.za
O1 - Hosts: 206.53.61.77 google.co.zm
O1 - Hosts: 206.53.61.77 google.com
O1 - Hosts: 206.53.61.77 google.com.af
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mimi')
O4 - HKUS\S-1-5-21-2520482917-3548735554-3948835242-1006\..\Run: [Fast Antivirus 2009] "C:\Documents and Settings\All Users\Application Data\7d7ba9d\EX7d7b.exe" /s /d (User 'Mimi')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://reports.longandfoster.com/ScriptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27F3D5C7-9440-410F-AEDA-E37456121070} (eXcelerate.Synchronize) - http://x.longandfoster.com/Xcelerate/Ac ... lerate.CAB
O16 - DPF: {475E5A2B-6EAC-4EA3-880A-55207CB012B5} (CMA_X Class) - http://wucma.wyldfyre.com/xbin/CMAX.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4948905531
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.auctionplayer.com/members/I ... oader3.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c986402a70f1e6) (gupdate1c986402a70f1e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.naturalbodybuilding.com/pictures2/NO011.JPG

--
End of file - 16330 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4502CF49-98B6-4E80-9F21-66A63EFE8936}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
MyIdentityDefender - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll [2009-06-26 3962184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-20 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-20 251504]
{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - MyIdentityDefender - C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdmyidd.dll [2009-06-26 3962184]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-30 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-20 68856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-22 15:41:15 ----D---- C:\rsit
2009-09-22 15:01:23 ----D---- C:\_OTM
2009-09-19 20:40:45 ----D---- C:\Program Files\iPod
2009-09-19 20:40:38 ----D---- C:\Program Files\iTunes
2009-09-19 20:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-01 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-01 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 13:59:52 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-24 13:59:46 ----D---- C:\Program Files\MSBuild
2009-08-24 13:59:32 ----D---- C:\Program Files\Reference Assemblies
2009-08-24 13:58:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-24 13:58:59 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-24 13:58:59 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-24 13:58:59 ----D---- C:\fa8d3836133b45520c02e9

======List of files/folders modified in the last 1 months======

2009-09-23 09:22:46 ----D---- C:\WINDOWS\Prefetch
2009-09-23 07:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-23 07:18:19 ----D---- C:\WINDOWS\Temp
2009-09-23 07:12:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-22 16:50:09 ----D---- C:\Program Files\Star Defender 3
2009-09-22 16:29:53 ----D---- C:\Program Files\Star Defender 4
2009-09-22 16:24:47 ----D---- C:\Program Files\Mozilla Firefox
2009-09-22 16:23:58 ----D---- C:\WINDOWS
2009-09-22 15:08:44 ----D---- C:\Documents and Settings\Tez\Application Data\Apple Computer
2009-09-22 15:07:21 ----SD---- C:\WINDOWS\Tasks
2009-09-22 15:04:37 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-09-22 12:31:04 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-19 20:42:33 ----SHD---- C:\WINDOWS\Installer
2009-09-19 20:42:32 ----HD---- C:\Config.Msi
2009-09-19 20:41:47 ----HD---- C:\WINDOWS\INF
2009-09-19 20:41:47 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-19 20:41:47 ----D---- C:\WINDOWS\SYSTEM32
2009-09-19 20:41:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-19 20:40:45 ----D---- C:\Program Files
2009-09-19 20:40:43 ----D---- C:\Program Files\Common Files\Apple
2009-09-19 20:38:33 ----D---- C:\Program Files\QuickTime
2009-09-15 21:13:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-15 18:05:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 14:46:03 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-09 03:01:31 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-09 03:01:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 03:01:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 03:01:13 ----D---- C:\WINDOWS\ie8updates
2009-09-02 03:02:24 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-01 03:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-31 07:17:09 ----RSD---- C:\WINDOWS\assembly
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-24 14:03:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-24 14:03:08 ----D---- C:\WINDOWS\WinSxS
2009-08-24 13:59:43 ----D---- C:\WINDOWS\system32\en-US
2009-08-24 13:59:41 ----RSD---- C:\WINDOWS\Fonts
2009-08-24 13:59:12 ----D---- C:\WINDOWS\system32\SPOOL
2009-08-24 13:56:34 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2000-06-02 13806]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-01-07 166016]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-07-07 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-07-07 21744]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-01-23 1251720]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c986402a70f1e6;Google Update Service (gupdate1c986402a70f1e6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-23 724992]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 23rd, 2009, 9:35 am

info.txt logfile of random's system information tool 1.06 2009-09-23 09:23:22

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AirStrike II: Gulf Thunder DEMO-->"C:\Program Files\AirStrike II Gulf Thunder DEMO\uninstall.exe"
AirStrike3D II Demo-->"C:\Program Files\AirStrike3D II Demo\uninstall.exe"
Alien Stars-->"C:\Program Files\Alien Stars\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aquitania-->"C:\Program Files\Aquitania\uninstall.exe"
Astro Avenger 1.55-->"C:\Program Files\Astro Avenger 1.55\uninstall.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BattleMan-->C:\Program Files\BattleMan\uninstall.exe
Bob the Builder - Bob Builds a Park Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49A8B3D9-71D7-4A8B-937C-ECB7DCE53A32}\SETUP.EXE" -l0x9
Bombardix-->"C:\Program Files\Bombardix\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
CosmoLines-->"C:\Program Files\CosmoLines\uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EOL Universal Printer Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD4776A5-A39D-4208-AC34-AF4373C81967}\Setup.exe" /u
FormViewer-->C:\Program Files\InstallShield Installation Information\{58E6A969-8215-4ABC-BD73-FCB25EA6F544}\setup.exe -runfromtemp -l0x0409
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Luxor 3-->"C:\Program Files\Luxor 3\ReflexiveArcade\unins000.exe"
Luxor Quest For The Afterlife-->"C:\Program Files\Luxor Quest For The Afterlife\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Monster Truck Madness-->C:\Program Files\Microsoft Games\Monster Truck Madness\setup\setup.exe /Z customui.dll
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000-->"C:\Program Files\Microsoft Office\Office\Setup\PhotoDraw\setup.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyIdentityDefender Toolbar (CyberDefender Corporation)-->C:\Documents and Settings\Mimi\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
Nero 7 Ultra Edition-->MsiExec.exe /I{E57D365C-BB31-4288-83EC-5F4EF2D11033}
Nero PhotoShow Express 4-->"C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PacBoy-->C:\Program Files\PacBoy\uninstall.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SanDisk USB SSFDC Ver 1.01 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C4BCAD9-DFD8-11D3-A9EA-00C0F6410581}\setup.exe" -L0x9
Scholastic's I SPY Treasure Hunt-->C:\PROGRA~1\SCHOLA~1\ISPYTR~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYTR~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Defender 2-->"C:\Program Files\Star Defender 2\uninstall.exe"
Star Defender 3-->"C:\Program Files\Star Defender 3\uninstall.exe"
Star Defender 4-->"C:\Program Files\Star Defender 4\uninstall.exe"
Star Defender-->"C:\Program Files\Star Defender\uninstall.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Urban Strike-->"C:\Program Files\Urban Strike\unins000.exe"
USB Storage Driver-->DelUIDrv.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

=====HijackThis Backups=====

O1 - Hosts: 206.53.61.77 google.nu [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getavplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.pr [2009-09-16]
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.id [2009-09-16]
O1 - Hosts: 74.125.45.100 test1112.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.gh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.il [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ge [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.jp [2009-09-16]
O1 - Hosts: 206.53.61.77 google.vu [2009-09-16]
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.cd [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ls [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ro [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.us [2009-09-16]
O1 - Hosts: 206.53.61.77 google.im [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.nf [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gr [2009-09-16]
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ru [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.uk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sc [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ht [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ee [2009-09-16]
O1 - Hosts: 206.53.61.77 google.no [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fi [2009-09-16]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ie [2009-09-16]
O1 - Hosts: 206.53.61.77 google.la [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.kr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.nz [2009-09-16]
O1 - Hosts: 206.53.61.77 google.li [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.jm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ms [2009-09-16]
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.my [2009-09-16]
O1 - Hosts: 206.53.61.77 google.se [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.qa [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ck [2009-09-16]
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.zm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.za [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.hk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ki [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.mx [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.tz [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.at [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ws [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ba [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.ng [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ch [2009-09-16]
O1 - Hosts: 206.53.61.77 google.si [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ug [2009-09-16]
O1 - Hosts: 206.53.61.77 google.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.be [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ae [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.rw [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.af [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ca [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.sg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.de [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.lv [2009-09-16]
O1 - Hosts: 206.53.61.77 google.it [2009-09-16]
O1 - Hosts: 206.53.61.77 google.st [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.np [2009-09-16]
O1 - Hosts: 74.125.45.100 4-open-davinci.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.na [2009-09-16]
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.az [2009-09-16]
O1 - Hosts: 206.53.61.77 google.as [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bs [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.rw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fr [2009-09-16]
O1 - Hosts: 74.125.45.100 test1112.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.qa [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ki [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.il [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.za [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ws [2009-09-16]
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.no [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.jp [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sm [2009-09-16]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ug [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ge [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.zm [2009-09-16]
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ls [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sn [2009-09-16]
O1 - Hosts: 206.53.61.77 google.cd [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.hk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ca [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.sg [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ae [2009-09-16]
O1 - Hosts: 206.53.61.77 google.az [2009-09-16]
O1 - Hosts: 206.53.61.77 google.de [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.mx [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.si [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.na [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.in [2009-09-16]
O1 - Hosts: 74.125.45.100 www.getavplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.im [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.uk [2009-09-16]
O1 - Hosts: 206.53.61.77 google.tm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.nz [2009-09-16]
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fi [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.jm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.us [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.kr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ro [2009-09-16]
O1 - Hosts: 206.53.61.77 google.li [2009-09-16]
O1 - Hosts: 206.53.61.77 google.st [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ba [2009-09-16]
O1 - Hosts: 206.53.61.77 google.mu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.la [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.ng [2009-09-16]
O1 - Hosts: 206.53.61.77 google.gg [2009-09-16]
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.in [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nl [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.tz [2009-09-16]
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.fm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ht [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ma [2009-09-16]
O1 - Hosts: 206.53.61.77 google.se [2009-09-16]
O1 - Hosts: 206.53.61.77 google.sc [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.id [2009-09-16]
O1 - Hosts: 206.53.61.77 google.bs [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ms [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pt [2009-09-16]
O1 - Hosts: 206.53.61.77 google.it [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.tw [2009-09-16]
O1 - Hosts: 206.53.61.77 google.nu [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.af [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ie [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dj [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.my [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ch [2009-09-16]
O1 - Hosts: 206.53.61.77 google.be [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.gh [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.pr [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ru [2009-09-16]
O1 - Hosts: 206.53.61.77 google.co.ck [2009-09-16]
O1 - Hosts: 206.53.61.77 google.lv [2009-09-16]
O1 - Hosts: 206.53.61.77 google.dm [2009-09-16]
O1 - Hosts: 206.53.61.77 google.as [2009-09-16]
O1 - Hosts: 206.53.61.77 google.at [2009-09-16]
O1 - Hosts: 206.53.61.77 google.vu [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.nf [2009-09-16]
O1 - Hosts: 74.125.45.100 4-open-davinci.com [2009-09-16]
O1 - Hosts: 206.53.61.77 google.com.np [2009-09-16]
O1 - Hosts: 206.53.61.77 google.ee [2009-09-16]
O1 - Hosts: 206.53.61.77 google.pn [2009-09-16]
O1 - Hosts: 74.125.45.100 test1111.com [2009-09-16]

======Hosts File======

74.125.45.100 test1111.com
74.125.45.100 test1112.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com

======Security center information======

AV: Fast Antivirus 2009
AV: avast! antivirus 4.8.1351 [VPS 090922-0]
AV: Sunbelt VIPRE (disabled) (outdated)
FW: Fast Antivirus 2009

======System event log======

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11069
Source Name: DCOM
Time Written: 20090109135621.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814} as /.
The error:
"%233"
Happened while starting this command:
"c:\PROGRA~1\mcafee\msc\mcuimgr.exe" -Embedding

Record Number: 11068
Source Name: DCOM
Time Written: 20090109135619.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11067
Source Name: DCOM
Time Written: 20090109135609.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11066
Source Name: DCOM
Time Written: 20090109135558.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 10001
Message: Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /.
The error:
"%233"
Happened while starting this command:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

Record Number: 11064
Source Name: DCOM
Time Written: 20090109135537.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DDNMQG51
Event Code: 1000
Message: Faulting application stardefender.exe, version 0.0.0.0, faulting module stardefender.exe, version 0.0.0.0, fault address 0x00029a9e.

Record Number: 20
Source Name: Application Error
Time Written: 20090223111305.000000-300
Event Type: error
User:

Computer Name: DDNMQG51
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 17
Source Name: EventSystem
Time Written: 20090223094155.000000-300
Event Type: warning
User:

Computer Name: DDNMQG51
Event Code: 1517
Message: Windows saved user DDNMQG51\Tez registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10
Source Name: Userenv
Time Written: 20090222193432.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DDNMQG51
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 9
Source Name: Userenv
Time Written: 20090222193431.000000-300
Event Type: warning
User: DDNMQG51\Tez

Computer Name: DDNMQG51
Event Code: 1000
Message: Faulting application stardefender.exe, version 0.0.0.0, faulting module stardefender.exe, version 0.0.0.0, fault address 0x00029a9e.

Record Number: 8
Source Name: Application Error
Time Written: 20090222133532.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.3.002
"SESSIONID"=1107634070006htx69311e9eb:101fa6b6c4f:-31f1
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-11
"UPDATEDIR"=C:\DOCUME~1\Mimi\LOCALS~1\Temp\rad32941.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 23rd, 2009, 5:11 pm

Hi. :)

Remove Symantec(Norton) remnants:

Please click here and follow the instructions to download and run the norton removal tool for the version you have had installed in the past.

Next:

Go to Start >> Control Panel >> Display (Display properties) >> Desktop >> Customize Desktop... >> Web tab

Uncheck and delete everything you find in there. (except for "My current home page")

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

The other applications are best to be uninstalled also as they will apart from hindering the malware removal process cause a system conflict at some point. Which will actually lesson overall online protection.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 8.1.2
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
MyIdentityDefender Toolbar
Windows Defender
Windows Live OneCare safety scanner


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
  • Now Reboot(restart) your computer.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper


When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: CAnnot remove malicious hosts

Unread postby tezmanian » September 27th, 2009, 1:50 pm

Computer seems to be operating the same.

Here are the logs.

Thank you for your help...and patience.
You do not have the required permissions to view the files attached to this post.
tezmanian
Regular Member
 
Posts: 38
Joined: July 28th, 2009, 10:20 am

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 27th, 2009, 1:53 pm

tezmanian wrote:Computer seems to be operating the same.

Here are the logs.

Thank you for your help...and patience.
Please do not attach logs but rather post them unless I otherwise request so. Primarily because this is a teaching forum and the trainees need to be able to the view logs also, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: CAnnot remove malicious hosts

Unread postby Dakeyras » September 27th, 2009, 2:18 pm

Hi. :)

Please remove/uninstall Sunbelt VIPRE, it will cause a system conflict with the presently installed avast! antivirus.

Next:

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it.

The root of the system drive would be a ideal location EG: C:\

Note: Do not use this yet!

Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code: Select all
    File::
    c:\documents and settings\Mimi\Application Data\netstat.bat
    C:\WINDOWS\system32\drivers\etc\hosts
    
    Folder::
    c:\program files\Common Files\Symantec Shared
    c:\program files\Windows Live Safety Center
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next:

  • Double click on HostsXpert.exe to launch the programme.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new HijackThis Log. <-- Make sure you post a log this time, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware