Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help Me Please!

by rcasey » May 19th, 2010, 8:37 pm

My computer has been acting crazy for the past 48 hrs. I disabled my anti-virus for about 30 minutes, next thing I have anti-malware doctor loading up and my CPU at 100%. I shut down the internet and turned the anti-virus back on. I ran a scan and found many infections, dealt with them, ran another scan, found more and so on. I had issues logging on to the internet, first because Internet Explorer would only open a phishing screen asking me to buy anti-malware software, then because my LAN settings were changed to look for a proxy server. Here is my HijackThis and uninstall log.

Thank you for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:02 PM, on 5/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: E:\WINDOWS\system32\e3skhez.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1014010036
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://libertytax.webex.com/client/T27 ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5BC355-4F88-4273-8C82-D422CDA60DC3}: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5192 bytes


Acrobat.com
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 9.1.3
Advanced RealMedia Export Plug-in for Premiere 6.0
Advertisement Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Antivirus
Batch PSD to JPG
Bonjour
Browntech Image Plugin 2.02
CCScore
C-Media WDM Audio Driver
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
Dell Digital Jukebox Driver
Dell File Manager
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Free FTP
getPlus(R) for Adobe
GIMP 2.6.6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IKEA Home Planner
IMS Web Dwarf V2
iTunes
Java(TM) 6 Update 13
JPEG to PDF 1.0
K-Lite Mega Codec Pack 5.0.5
Kodak EasyShare software
Linksys WMP110 RangePlus Wireless PCI Adapter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
netbrdg
OfotoXMI
OGA Notifier 2.0.0048.0
OmniFormat
PageBreeze Free HTML Editor
Pdf995
Picasa 3
QuickTime
Revo Uninstaller 1.80
Risk II
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SHASTA
skin0001
SKINXSDK
Sony Picture Utility
staticcr
TC Native Essentials 2.02
Trellian WebPage
Universal Document Converter
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Winamp
Winamp Remote
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
WIRELESS
Zinkzo 1.0 build 110
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

by Cypher » May 21st, 2010, 12:50 pm

Hi and welcome to Malware Removal Forums.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.



Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook



Next.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: E:\WINDOWS\system32\e3skhez.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5BC355-4F88-4273-8C82-D422CDA60DC3}: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
    O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.


Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Rkill log.
  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
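
The kinds of entries singled out in the post above can be surfaced mechanically. The following is an added example, not part of the thread and not the helper's stated criteria: a Python triage of HijackThis lines using four assumed rules (loopback proxy, static DNS servers outside the LAN, "(file missing)" registrations, and the DisableRegedit policy). Function names and rules are illustrative; the sample lines are copied from the log in the first post.

```python
import ipaddress
import re
from collections import namedtuple

# Subset of lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: E:\WINDOWS\system32\e3skhez.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5BC355-4F88-4273-8C82-D422CDA60DC3}: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - E:\WINDOWS\system32\e3skhez.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
Finding = namedtuple("Finding", "code reason entry")


def parse_entries(log_text):
    """Return (section code, body) for each 'XN - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # hostname or malformed value


def _loopback_proxy(body):
    """ProxyServer values look like 'host:port' or 'http=host:port;https=host:port'."""
    if "ProxyServer" not in body or " = " not in body:
        return None
    for part in body.split(" = ", 1)[1].split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0]
        addr = _ip(host)
        if host.lower() == "localhost" or (addr and addr.is_loopback):
            return f"browser proxy points at loopback listener {hostport}"
    return None


def _static_dns(body):
    """O17 NameServer entries: report servers that are not on a private (LAN) range."""
    if "NameServer = " not in body:
        return None
    servers = re.split(r"[,\s]+", body.split("NameServer = ", 1)[1].strip())
    outside = [s for s in servers if (a := _ip(s)) and not a.is_private]
    if outside:
        return "static DNS servers outside the LAN: " + ", ".join(outside)
    return None


def _missing_file(body):
    if body.rstrip().endswith("(file missing)"):
        return "registration refers to a file that no longer exists"
    return None


def _regedit_disabled(body):
    if re.search(r"DisableRegedit\s*=\s*1\b", body):
        return "policy disables the Registry Editor"
    return None


def triage(log_text):
    """Apply the assumed rules and return one Finding per entry that needs review."""
    findings = []
    for code, body in parse_entries(log_text):
        checks = [_missing_file]          # applies to every section
        if code in ("R0", "R1"):
            checks.append(_loopback_proxy)
        if code == "O7":
            checks.append(_regedit_disabled)
        if code == "O17":
            checks.append(_static_dns)
        reasons = [r for check in checks if (r := check(body))]
        if reasons:
            findings.append(Finding(code, "; ".join(reasons), body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.entry}")
```

A flagged line is a prompt for review rather than a verdict: a static DNS entry, for example, still has to be checked against the resolvers the network is supposed to use.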

Re: Help Me Please!

by rcasey » May 23rd, 2010, 8:02 pm

Thank you for guiding me through this process. Below are the logs you requested. My computer's performance is somewhat better since my original post. Before you responded I installed Registry Mechanic and that found a number of errors. I also removed a program called zinkzo that was installed on the day my computer started acting up. From this point forward I'll follow your instructions and not add or delete anything.

This log file is located at E:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jaime on 05/23/2010 at 11:51:40.


Processes terminated by Rkill or while it was running:


E:\Documents and Settings\Jaime\Desktop\malware programs\rkill.exe


Rkill completed on 05/23/2010 at 11:51:53.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4133

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/23/2010 12:28:22 PM
mbam-log-2010-05-23 (12-28-22).txt

Scan type: Quick scan
Objects scanned: 123094
Time elapsed: 20 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_MSI (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows MSI (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\msihost.exe (Trojan.Dropper) -> Not selected for removal.
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

by rcasey » May 23rd, 2010, 8:03 pm

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jaime at 2010-05-23 12:34:00
Microsoft Windows XP Professional Service Pack 3
System drive E: has 134 GB (88%) free of 153 GB
Total RAM: 991 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:15 PM, on 5/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Jaime\Desktop\malware programs\RSIT.exe
E:\Program Files\trend micro\Jaime.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1014010036
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://libertytax.webex.com/client/T27 ... eatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4855 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
E:\WINDOWS\tasks\AppleSoftwareUpdate.job
E:\WINDOWS\tasks\EasyShare Registration Task.job
E:\WINDOWS\tasks\OGALogon.job
E:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"RegistryMechanic"= []
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=E:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25836]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ckumjhyi]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
E:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
E:\Program Files\Java\jre6\bin\jusched.exe [2009-05-07 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
E:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMP110]
E:\Program Files\Linksys\WMP110\WMP110.exe [2008-02-27 962560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
E:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2009-10-16 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"WLSng Service"=2
"ose"=3
"odserv"=3
"MDM"=2
"jswpsapi"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"idsvc"=3
"gusvc"=3
"GTWPSService"=2
"getPlus(R) Helper"=3
"Bonjour Service"=2
"Apple Mobile Device"=2
"Zinkzo Service"=2
"Windows MSI"=2
"dmadmin"=3
"ACDaemon"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Autorun.exe /run
shell\Shell00\command - G:\Autorun.exe /run
shell\Shell01\command - G:\Autorun.exe /action
shell\Shell02\command - G:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11246407-724a-11de-aa59-001ee5a86ad5}]
shell\AutoRun\command - H:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - H:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c121a00-03a5-11de-aa22-00e04caf53b4}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-23 12:34:00 ----D---- E:\rsit
2010-05-23 12:28:53 ----A---- E:\mbam-log-2010-05-23 (12-28-22).txt
2010-05-23 12:28:12 ----A---- E:\mbam-log-2010-05-23 (12-28-00).txt
2010-05-23 11:55:26 ----D---- E:\Documents and Settings\Jaime\Application Data\Malwarebytes
2010-05-23 11:55:13 ----D---- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-23 11:55:12 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2010-05-23 11:29:59 ----SHD---- E:\Config.Msi
2010-05-23 11:29:30 ----D---- E:\WINDOWS\SxsCaPendDel
2010-05-20 15:07:42 ----A---- E:\WINDOWS\system32\STKIT432.DLL
2010-05-20 15:07:37 ----D---- E:\Program Files\Registry Mechanic
2010-05-20 15:07:16 ----A---- E:\WINDOWS\encore_launcher.ini
2010-05-19 16:34:38 ----D---- E:\Program Files\Trend Micro
2010-05-19 15:09:05 ----D---- E:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-17 21:28:07 ----D---- E:\Documents and Settings\Jaime\Application Data\A603ECCD9B8A36FE3DBBE389BA4BCF0F
2010-05-12 03:02:30 ----HDC---- E:\WINDOWS\$NtUninstallKB978542$
2010-05-05 11:04:31 ----D---- E:\Documents and Settings\Jaime\Application Data\ISIS Drivers
2010-05-05 11:02:26 ----D---- E:\WINDOWS\PIXTRAN
2010-05-05 11:02:26 ----D---- E:\Program Files\BrownTech
2010-05-02 03:00:26 ----HDC---- E:\WINDOWS\$NtUninstallKB954156_WM9L$
2010-04-30 15:26:42 ----D---- E:\WINDOWS\system32\windows media
2010-04-30 15:26:18 ----D---- E:\Program Files\Windows Media Components

======List of files/folders modified in the last 1 months======

2010-05-23 12:34:11 ----D---- E:\WINDOWS\Prefetch
2010-05-23 12:32:39 ----D---- E:\WINDOWS\Temp
2010-05-23 12:29:59 ----D---- E:\WINDOWS\system32\drivers
2010-05-23 12:29:31 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-05-23 12:29:30 ----D---- E:\WINDOWS\system32\CatRoot2
2010-05-23 12:01:53 ----D---- E:\WINDOWS\system32
2010-05-23 11:55:12 ----RD---- E:\Program Files
2010-05-23 11:30:09 ----SHD---- E:\WINDOWS\Installer
2010-05-23 11:29:48 ----DC---- E:\WINDOWS\system32\DRVSTORE
2010-05-23 11:29:30 ----D---- E:\WINDOWS
2010-05-20 20:38:49 ----SD---- E:\WINDOWS\Tasks
2010-05-20 20:34:12 ----RD---- E:\UDC Output Files
2010-05-20 20:31:19 ----D---- E:\Program Files\Common Files\ArcSoft
2010-05-20 20:31:05 ----D---- E:\Program Files\ArcSoft
2010-05-20 20:31:04 ----HD---- E:\Program Files\InstallShield Installation Information
2010-05-19 15:10:51 ----HD---- E:\WINDOWS\inf
2010-05-19 15:10:03 ----D---- E:\WINDOWS\WinSxS
2010-05-19 14:28:43 ----D---- E:\WINDOWS\network diagnostic
2010-05-18 16:54:20 ----A---- E:\WINDOWS\win.ini
2010-05-18 16:54:20 ----A---- E:\WINDOWS\system.ini
2010-05-18 16:16:34 ----HDC---- E:\WINDOWS\$NtServicePackUninstall$
2010-05-18 15:56:02 ----D---- E:\WINDOWS\pss
2010-05-17 22:07:05 ----A---- E:\WINDOWS\ntbtlog.txt
2010-05-17 21:58:45 ----SHD---- E:\System Volume Information
2010-05-17 21:58:45 ----D---- E:\WINDOWS\system32\Restore
2010-05-17 21:57:22 ----SHD---- E:\WINDOWS\CSC
2010-05-17 21:29:50 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-05-15 23:34:14 ----A---- E:\WINDOWS\NeroDigital.ini
2010-05-12 03:03:43 ----D---- E:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 03:02:33 ----D---- E:\Program Files\Outlook Express
2010-05-12 00:11:03 ----HD---- E:\WINDOWS\$hf_mig$
2010-05-04 06:49:08 ----D---- E:\WINDOWS\system32\LogFiles
2010-05-02 03:00:36 ----A---- E:\WINDOWS\imsins.BAK
2010-04-30 15:27:19 ----SD---- E:\Documents and Settings\Jaime\Application Data\Microsoft
2010-04-30 15:26:41 ----D---- E:\WINDOWS\RegisteredPackages
2010-04-30 14:51:06 ----A---- E:\WINDOWS\system32\MRT.exe
2010-04-29 17:25:33 ----D---- E:\Documents and Settings\Jaime\Application Data\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.7.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-27 21035]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 cmuda;C-Media WDM Audio Interface; E:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 JSWSCIMD;jswscimd Service; E:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 S3Psddr;S3Psddr; E:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-03-02 167040]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service; E:\WINDOWS\system32\DRIVERS\WMP110.sys [2007-10-17 1299520]
S3 61883;61883 Unit Device; E:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; E:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; E:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\E:\PROGRA~1\Linksys\WMP110\GTNDIS5.SYS []
S3 Jukebox;Jukebox; E:\WINDOWS\system32\DRIVERS\ctpdusb2.sys [2003-08-29 16816]
S3 MSDV;Microsoft DV Camera and VCR; E:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 S3SavageNB;S3SavageNB; E:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-03-02 167040]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; E:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; E:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; E:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S3 ACDaemon;ArcSoft Connect Daemon; E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 getPlus(R) Helper;getPlus(R) Helper; E:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S4 GTWPSService;GTWPSSRV; E:\Program Files\Linksys\WMP110\gtwpssrv.exe [2008-01-30 34816]
S4 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S4 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S4 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-05-07 152984]
S4 jswpsapi;Jumpstart Wifi Protected Setup; E:\Program Files\Linksys\WMP110\jswpsapi.exe [2007-10-29 352338]
S4 MDM;Machine Debug Manager; E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 WLSng Service;WLSng Service; E:\Program Files\Linksys\WMP110\WLSngS.exe [2007-07-30 233472]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
rcasey

Re: Help Me Please!

Post by rcasey » May 23rd, 2010, 8:04 pm

info.txt logfile of random's system information tool 1.06 2010-05-23 12:34:24

======Uninstall list======

-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->E:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->E:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->E:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->E:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->E:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->e:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Premiere 6.5-->E:\WINDOWS\UNINST.EXE -f"E:\Program Files\Adobe\Premiere 6.5\DeIsL1.isu" -c"E:\Program Files\Adobe\Premiere 6.5\Uninst.dll"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced RealMedia Export Plug-in for Premiere 6.0-->E:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->E:\Program Files\Alwil Software\Avast4\aswRunDll.exe "E:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch PSD to JPG-->"E:\Program Files\Design-Lib Creations\Batch PSD to JPG\uninstall.exe" "/U:E:\Program Files\Design-Lib Creations\Batch PSD to JPG\Uninstall\uninstall.xml"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browntech Image Plugin 2.02-->MsiExec.exe /X{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
C-Media WDM Audio Driver-->E:\WINDOWS\system32\cmirmdrv.exe
Critical Update for Windows Media Player 11 (KB959772)-->"E:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.8-->E:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Dell Digital Jukebox Driver-->E:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell File Manager-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
DivX Converter-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->E:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"E:\Program Files\DVD Shrink\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Free FTP-->RunDll32 syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 E:\WINDOWS\INF\freeftp.inf
getPlus(R) for Adobe-->"E:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GIMP 2.6.6-->"E:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"E:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"E:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"E:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"E:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"E:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"E:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"E:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
IMS Web Dwarf V2-->E:\WINDOWS\uninst.exe -f"E:\Program Files\Virtual Mechanics\IMS Web Dwarf V2\DeIsL1.isu" -c"E:\Program Files\Virtual Mechanics\IMS Web Dwarf V2\_ISREG32.DLL"
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JPEG to PDF 1.0-->"E:\Program Files\JPEG to PDF\unins000.exe"
K-Lite Mega Codec Pack 5.0.5-->"E:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->E:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_105ec680\Setup.exe /APR-REMOVE
Linksys WMP110 RangePlus Wireless PCI Adapter-->E:\Program Files\InstallShield Installation Information\{8CBDD204-BF4E-4284-B117-465A02883B81}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->E:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"E:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"E:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher 2007 Trial-->"E:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHERR /dll OSETUP.DLL
Microsoft Office Publisher 2007-->MsiExec.exe /X{91120000-0019-0000-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"E:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Essentials-->MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OmniFormat-->E:\Program Files\omniformat\thinsetup.exe - uninstall
PageBreeze Free HTML Editor-->E:\PROGRA~1\PAGEBR~1\UNWISE.EXE E:\PROGRA~1\PAGEBR~1\INSTALL.LOG
Pdf995-->E:\Program Files\pdf995\setup.exe uninstall
Picasa 3-->"E:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Registry Mechanic 5.1-->"E:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.80-->E:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Risk II-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}\setup.exe" -l0x0009
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"E:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"E:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"E:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"E:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"E:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"E:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"E:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"E:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"E:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"E:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"E:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"E:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"E:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"E:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"E:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"E:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->E:\WINDOWS\system32\MacroMed\Flash\genuinst.exe E:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"E:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"E:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"E:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"E:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"E:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"E:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"E:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"E:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"E:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"E:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"E:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"E:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"E:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"E:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"E:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"E:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"E:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"E:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"E:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"E:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"E:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"E:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"E:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"E:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"E:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"E:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"E:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"E:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"E:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"E:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"E:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"E:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"E:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"E:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"E:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"E:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"E:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"E:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"E:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"E:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"E:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"E:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"E:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"E:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"E:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"E:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"E:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"E:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"E:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"E:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"E:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"E:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"E:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"E:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sony Picture Utility-->E:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TC Native Essentials 2.02-->E:\PROGRA~1\TCWorks\TCNativeEssentials202\UninstallTCEssentials.exe E:\PROGRA~1\TCWorks\TCNativeEssentials202\INSTALL.LOG
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update for Windows Internet Explorer 8 (KB972636)-->"E:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"E:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"E:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"E:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"E:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"E:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"E:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"E:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"E:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"E:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->E:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp Remote-->"E:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"E:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"E:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"E:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"E:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100523-0]

======System event log======

Computer Name: CANDC01
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 18515
Source Name: Disk
Time Written: 20100413092146.000000-240
Event Type: warning
User:

Computer Name: CANDC01
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 18514
Source Name: Disk
Time Written: 20100413082146.000000-240
Event Type: warning
User:

Computer Name: CANDC01
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 18513
Source Name: Disk
Time Written: 20100413072146.000000-240
Event Type: warning
User:

Computer Name: CANDC01
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 18512
Source Name: Disk
Time Written: 20100413071435.000000-240
Event Type: warning
User:

Computer Name: CANDC01
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 18511
Source Name: Disk
Time Written: 20100413062146.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: CANDC01
Event Code: 11316
Message: Product: Microsoft ActiveSync -- Error.A network error occurred while attempting to read from the file D:\ACTIVESYNC\WWE\setup[1].msi

Record Number: 2145
Source Name: MsiInstaller
Time Written: 20090802184544.000000-240
Event Type: error
User: CANDC01\Jaime

Computer Name: CANDC01
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16850, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1965
Source Name: Application Hang
Time Written: 20090710102418.000000-240
Event Type: error
User:

Computer Name: CANDC01
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16850, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1964
Source Name: Application Hang
Time Written: 20090710102414.000000-240
Event Type: error
User:

Computer Name: CANDC01
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16850, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1963
Source Name: Application Hang
Time Written: 20090710102413.000000-240
Event Type: error
User:

Computer Name: CANDC01
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16850, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1874
Source Name: Application Hang
Time Written: 20090701102639.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;E:\Program Files\Common Files\DivX Shared\;E:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;E:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=E:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

Post by rcasey » May 23rd, 2010, 8:09 pm

One more thing...

While most of the major symptoms have not popped back up in a few days, there are popups. When using Google, a new window opens with a different search engine and results for the same term. Nothing like this happened before.
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

Post by Cypher » May 24th, 2010, 5:59 am

Hi rcasey.

Registry Cleaners

Re. Registry Mechanic

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum

Files Infected:
E:\WINDOWS\system32\msihost.exe (Trojan.Dropper) -> Not selected for removal.
Please run Malwarebytes' Anti-Malware again and remove everything it finds.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • Gmer.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help Me Please!

Post by rcasey » May 24th, 2010, 6:14 pm

Hi Cypher,

My computer is still giving me pop-ups any time I do a Google search. The anti-virus alarm has gone off a few times and I have followed the instructions it gives me, usually moving the item to the chest.
Here are the logs you requested.

Thanks

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 18:07:20
Windows 5.1.2600 Service Pack 3
Running: 76l7l0ob.exe; Driver: E:\DOCUME~1\Jaime\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4D786B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4D78574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4D78A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF4D7814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF4D7864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4D7808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF4D780F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF4D7876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF4D7872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF4D788AE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc E:\WINDOWS\system32\DRIVERS\rasacd.sys entry point in ".rsrc" section [0xF7C57C14]

---- User code sections - GMER 1.0.15 ----

.text E:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text E:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text E:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text E:\WINDOWS\System32\svchost.exe[1112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F6000A
.text E:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text E:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text E:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text E:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text E:\WINDOWS\Explorer.EXE[1560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 854FDCEC

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\system32\DRIVERS\rasacd.sys suspicious modification
File E:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4133

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/24/2010 8:48:59 AM
mbam-log-2010-05-24 (08-48-59).txt

Scan type: Quick scan
Objects scanned: 124462
Time elapsed: 16 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

Post by Cypher » May 25th, 2010, 6:09 am

Hi rcasey.

Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent once your PC is clean to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it


This can prove difficult to remove so we will try the easiest way first.
Let me know if your searches are still being redirected after this fix.



TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdsskiller.txt. Please post the contents of that log in your next reply.



Logs/Information to Post in your Next Reply

  • TDSSKiller log
  • Please give me an update on your computer's performance. Are your searches still redirected?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
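
An added example, not part of the thread and not code from GMER or any other tool named in it: a small Python triage of the GMER log posted above that groups the entries a reviewer would look at first (files marked "suspicious modification", an entry point in ".rsrc", the \Driver\atapi device line) and sets aside SSDT hooks from the installed avast! driver. The allowlist, the list of data sections and the mapping of \Driver\atapi to atapi.sys are assumptions of this sketch.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the GMER log posted earlier in this thread.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4D786B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4D7808C]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc E:\WINDOWS\system32\DRIVERS\rasacd.sys entry point in ".rsrc" section [0xF7C57C14]

---- User code sections - GMER 1.0.15 ----

.text E:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text E:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 854FDCEC

---- Files - GMER 1.0.15 ----

File E:\WINDOWS\system32\DRIVERS\rasacd.sys suspicious modification
File E:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# Assumption: SSDT hooks from this module are expected here, because the log
# labels aswSP.SYS as the avast! self protection module and avast! is installed.
EXPECTED_HOOKERS = {"aswsp.sys"}
# Assumption: sections that normally hold data rather than a driver entry point.
DATA_SECTIONS = {".rsrc", ".reloc", ".rdata", ".data"}

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*)\)\s+(\w+)\s+\[0x[0-9A-Fa-f]+\]$")
ENTRY_RE = re.compile(r'^\.\w+\s+(.+?)\s+entry point in "(\.?\w+)" section')
INLINE_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\w+)\s+[0-9A-F]{8}\s+\d+ Bytes?\s+JMP\s+([0-9A-F]{8})"
)
DEVICE_RE = re.compile(r"^Device -> \\Driver\\(\w+)\s+(\S+)\s+[0-9A-Fa-f]{8}$")
FILE_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")


def parse_gmer(log_text):
    """Return (kind, subject, detail) for every log line this sketch recognises."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            records.append(("ssdt_hook", ntpath.basename(m.group(1)).lower(), m.group(3)))
        elif m := ENTRY_RE.match(line):
            records.append(("entry_point", ntpath.basename(m.group(1)).lower(), m.group(2)))
        elif m := INLINE_RE.match(line):
            proc = f"{ntpath.basename(m.group(1)).lower()}[{m.group(2)}]"
            records.append(("inline_hook", proc, f"{m.group(3)}!{m.group(4)} JMP {m.group(5)}"))
        elif m := DEVICE_RE.match(line):
            # Assumption: the driver object name matches the driver file name.
            records.append(("device_entry", m.group(1).lower() + ".sys", m.group(2)))
        elif m := FILE_RE.match(line):
            records.append(("file_modified", ntpath.basename(m.group(1)).lower(), "modified"))
    return records


def triage(log_text, expected_hookers=EXPECTED_HOOKERS):
    """Group indicators per driver or process; most independent indicators first."""
    per_subject = defaultdict(set)
    for kind, subject, detail in parse_gmer(log_text):
        if kind == "ssdt_hook" and subject in expected_hookers:
            continue  # hook belongs to the known security product
        if kind == "entry_point" and detail.lower() not in DATA_SECTIONS:
            continue  # entry point in a code section is not an anomaly
        per_subject[subject].add(kind)
    ranked = sorted(per_subject.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(subject, sorted(kinds)) for subject, kinds in ranked]


if __name__ == "__main__":
    for subject, kinds in triage(SAMPLE_LOG):
        print(f"{subject:22} {', '.join(kinds)}")
```

The two drivers that collect two independent indicators each, atapi.sys and rasacd.sys, sort to the top; the inline hooks in svchost.exe and Explorer.EXE are listed for review but are not attributed to any module by the log lines alone.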

Re: Help Me Please!

Post by rcasey » May 25th, 2010, 10:22 am

Hi Cypher,

I have two logs for TDSSkiller. The reason is because when first downloaded and extracted I ran the program by double clicking the exe. I then re-read your instructions and ran using the code you provided. On the first scan the program found an infection, but when I ran the program using the code it found none. I restarted my computer and tried a search, this time no pop-ups.

Thanks

09:49:43:750 2936 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
09:49:43:750 2936 ================================================================================
09:49:43:750 2936 SystemInfo:

09:49:43:750 2936 OS Version: 5.1.2600 ServicePack: 3.0
09:49:43:750 2936 Product type: Workstation
09:49:43:750 2936 ComputerName: CANDC01
09:49:43:750 2936 UserName: Jaime
09:49:43:750 2936 Windows directory: E:\WINDOWS
09:49:43:750 2936 Processor architecture: Intel x86
09:49:43:750 2936 Number of processors: 1
09:49:43:750 2936 Page size: 0x1000
09:49:43:765 2936 Boot type: Normal boot
09:49:43:765 2936 ================================================================================
09:49:44:328 2936 Initialize success
09:49:44:328 2936
09:49:44:328 2936 Scanning Services ...
09:49:44:687 2936 Raw services enum returned 346 services
09:49:44:718 2936
09:49:44:718 2936 Scanning Drivers ...
09:49:49:625 2936 RasAcd (d487dd07d437072d336ecedfa8c7bbb8) E:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:49:640 2936 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: d487dd07d437072d336ecedfa8c7bbb8, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
09:49:49:640 2936 File "E:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ...
09:49:52:187 2936 Backup copy found, using it..
09:49:52:218 2936 will be cured on next reboot
09:49:53:281 2936 !dthrs6
09:49:54:265 2936 Reboot required for cure complete..
09:49:54:562 2936 Cure on reboot scheduled successfully
09:49:54:562 2936
09:49:54:562 2936 Completed
09:49:54:562 2936
09:49:54:562 2936 Results:
09:49:54:562 2936 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:49:54:562 2936 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:49:54:562 2936
09:49:54:578 2936 KLMD(ARK) unloaded successfully


NEXT IS THE SCAN USING YOUR CODE

09:51:04:484 0236 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
09:51:04:484 0236 ================================================================================
09:51:04:484 0236 SystemInfo:

09:51:04:484 0236 OS Version: 5.1.2600 ServicePack: 3.0
09:51:04:484 0236 Product type: Workstation
09:51:04:484 0236 ComputerName: CANDC01
09:51:04:484 0236 UserName: Jaime
09:51:04:484 0236 Windows directory: E:\WINDOWS
09:51:04:484 0236 Processor architecture: Intel x86
09:51:04:484 0236 Number of processors: 1
09:51:04:484 0236 Page size: 0x1000
09:51:04:515 0236 Boot type: Normal boot
09:51:04:515 0236 ================================================================================
09:51:04:578 0236 Raw disk subsystem init failed!
09:51:04:578 0236 Initialize success
09:51:04:578 0236
09:51:04:578 0236 Scanning Services ...
09:51:04:937 0236 Raw services enum returned 347 services
09:51:04:984 0236 !dthrs1
09:51:04:984 0236 DetectCureTDL3 failed
09:51:04:984 0236
09:51:04:984 0236 Completed
09:51:04:984 0236
09:51:04:984 0236 Results:
09:51:04:984 0236 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:51:04:984 0236 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:51:04:984 0236
09:51:05:000 0236 KLMD(ARK) unloaded successfully
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm
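
The two TDSSKiller logs in the post above differ in more than their result counts: the second one reports failures and never reaches a "Scanning Drivers ..." stage. The Python below is an added example, not part of the original post or of TDSSKiller; it summarizes such a log, and the function name `summarize`, the verdict labels, and the rule that a log with failure lines or without a driver stage is "inconclusive" are this example's assumptions. The sample lines are excerpted from the logs in the post.

```python
import re

# Line layout seen in the logs above: "HH:MM:SS:mmm <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s?(.*)$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
RESULT_RE = re.compile(
    r"(Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)")

# Lines excerpted from the first log in the post (double-click run).
FIRST_RUN = r"""
09:49:44:328 2936 Initialize success
09:49:44:328 2936 Scanning Services ...
09:49:44:718 2936 Scanning Drivers ...
09:49:49:625 2936 RasAcd (d487dd07d437072d336ecedfa8c7bbb8) E:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:49:640 2936 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: d487dd07d437072d336ecedfa8c7bbb8, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
09:49:52:218 2936 will be cured on next reboot
09:49:54:562 2936 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:49:54:562 2936 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Lines excerpted from the second log in the post (run with the -l switch).
SECOND_RUN = r"""
09:51:04:578 0236 Raw disk subsystem init failed!
09:51:04:578 0236 Initialize success
09:51:04:578 0236 Scanning Services ...
09:51:04:984 0236 !dthrs1
09:51:04:984 0236 DetectCureTDL3 failed
09:51:04:984 0236 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:51:04:984 0236 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""


def summarize(log_text):
    """Return scan stages, failure lines, forged files, counts and a verdict."""
    stages, failures, forged, results = [], [], [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(1)
        if msg.startswith("Scanning ") and msg.endswith("..."):
            stages.append(msg[len("Scanning "):-3].strip())
        elif "failed" in msg.lower():
            failures.append(msg)
        hit = FORGED_RE.search(msg)
        if hit:
            forged.append(hit.groupdict())
        res = RESULT_RE.search(msg)
        if res:
            results[res.group(1).lower()] = tuple(
                int(n) for n in res.group(2, 3, 4))
    infected = bool(forged) or any(v[0] > 0 for v in results.values())
    if infected:
        verdict = "infected"
    elif failures or "Drivers" not in stages:
        # Assumption of this example: zero counts from a run that logged
        # failures or never scanned drivers do not show a clean system.
        verdict = "inconclusive"
    else:
        verdict = "clean"
    return {"stages": stages, "failures": failures, "forged": forged,
            "results": results, "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        s = summarize(text)
        print(name, s["verdict"], s["stages"], s["failures"], s["results"])
```
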

Re: Help Me Please!

Unread postby Cypher » May 25th, 2010, 11:03 am

Hi rcasey.
Any more search redirects?

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Please run ATF Cleaner again; it should still be on your desktop.


Next.

Disable Avast

  • Right click on the avast! icon in the system tray and choose (Stop On-Access Protection)
  • Note: Don't forget to re-enable it after the scan.



Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help Me Please!

Unread postby Dakeyras » May 28th, 2010, 11:54 am

Re-opened at OP's request. Problems with Wireless connection etc.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help Me Please!

Unread postby Cypher » May 28th, 2010, 12:37 pm

Thank you Dakeyras.

Are your searches still being redirected, rcasey?
Please post the results of the ESET scan.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help Me Please!

Unread postby rcasey » May 28th, 2010, 12:46 pm

Hi Cypher,

My searches are no longer being redirected. It stopped after TDSSkiller was run. Here is the log from ESET. So you know it was during the scan that my wireless stopped, I do not know if that will make a difference.

Thanks,
rcasey

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7a3e98b276395642b1d6a291ec736d75
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-26 02:56:24
# local_time=2010-05-26 10:56:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 92 0 210248449 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92
# found=0
# cleaned=0
# scan_time=494
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7a3e98b276395642b1d6a291ec736d75
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-26 05:41:56
# local_time=2010-05-26 01:41:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 92 0 210249063 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63384
# found=0
# cleaned=0
# scan_time=9818
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7a3e98b276395642b1d6a291ec736d75
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-27 12:13:17
# local_time=2010-05-26 08:13:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 92 0 210273610 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=56832
# found=0
# cleaned=0
# scan_time=8747
rcasey
Active Member
 
Posts: 9
Joined: May 19th, 2010, 8:13 pm

Re: Help Me Please!

Unread postby Cypher » May 28th, 2010, 1:02 pm

Hi rcasey.
"So you know it was during the scan that my wireless stopped, I do not know if that will make a difference."
Please run the scan again and post the new log in your next reply :)
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns