iexplore.exe & svchost.exe Producing A Virus?

by Jon14 » April 22nd, 2010, 1:49 pm

These past couple of days Norton has been popping up nonstop every few minutes or any time the internet is being used. It says it is blocking an intruder from attacking me, every time coming from iexplore.exe or svchost.exe in my computer. I am guessing that it is coming from somewhere else and is not actually those files, but absolutely NO spyware programs, online scans, malware removal programs, etc. have been able to even find anything. At one point it produced the Antivirus XP trojan, but I was able to easily remove that with Norton. I have no idea what to do now so I came here. I have posted the log below, and thanks to anyone who can help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:02 PM, on 4/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontarioweather.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ui.skype.com/ui/0/3.6.0.248/en/exitsurvey
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-27010852-2672116680-4028477541-501\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Guest')
O4 - HKUS\S-1-5-21-27010852-2672116680-4028477541-501\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-27010852-2672116680-4028477541-501\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-27010852-2672116680-4028477541-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-21-27010852-2672116680-4028477541-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11641 bytes








__________________
UNINSTALL LIST
__________________


Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
AIM 7
AIM Search
AIM Toolbar
AnalogX Vocal Remover
AnalogX Vocal Remover (WinAmp)
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Audacity 1.2.6
Azurewave Wireless LAN
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
FLV Player 2.0 (build 25)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotspot_Shield Toolbar
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 16
Junk Mail filter update
K-Lite Codec Pack 5.0.0 (Standard)
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MixPad Audio Mixer
MSVCRT
Nero 7 Essentials
Norton Internet Security
RealPlayer
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Replay Media Catcher 3.02
Replay Video Capture
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Skype web features
Skype™ 4.1
Spyware Doctor 6.1
Super Hybrid Engine
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
URL Snooper v2.23.01
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Resource Kit Tools
WinPcap 4.1 beta5
WinRAR archiver
WinZip
WM Recorder
Xilisoft Video Converter Ultimate
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: iexplore.exe & svchost.exe Producing A Virus?

by MWR 3 day Mod » April 26th, 2010, 1:44 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: iexplore.exe & svchost.exe Producing A Virus?

by askey127 » April 26th, 2010, 7:35 pm

Hi Jon14,
"Conduit" Toolbars like Hotspot Shield can contain spyware. Your choice to keep or remove.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Ad-Aware 2007
Adobe Reader 8.1.1
Java(TM) 6 Update 16
Registry Mechanic 8.0

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Older versions of Java have been vulnerable to malware infections in the past. It is important to install the newest version and make sure all older ones have been removed.
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 20 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
--------------------------------------------------------
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open:
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )

Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
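
The version floors given in the reply above (Adobe Reader 9.3, Java 6 Update 20) and its removal list can be checked mechanically against a pasted uninstall list. This is an added example, not part of the original thread or of any tool it mentions; the function names are hypothetical, and the sample input combines lines excerpted from the uninstall list posted earlier with constructed lines, labelled as such.

```python
import re

# Minimum versions taken from the helper's reply in this thread:
# Adobe Reader below 9.3 is described as vulnerable, and Java 6 Update 20
# is the release the reply says to install.
MIN_ADOBE_READER = (9, 3)
MIN_JAVA = (6, 20)

# Entries the reply asks the user to remove via Add/Remove Programs.
REMOVE_AS_ADVISED = {
    "ad-aware 2007",
    "adobe reader 8.1.1",
    "java(tm) 6 update 16",
    "registry mechanic 8.0",
}

ADOBE_RE = re.compile(r"^Adobe Reader (\d+(?:\.\d+)*)", re.IGNORECASE)
JAVA_RE = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?", re.IGNORECASE)


def _pad(version, width):
    """Right-pad a version tuple with zeros so 9.3 compares equal to 9.3.0."""
    return tuple(version) + (0,) * (width - len(version))


def is_older(found, minimum):
    """Numeric comparison; a string compare would rank '10.0' below '9.3'."""
    width = max(len(found), len(minimum))
    return _pad(found, width) < _pad(minimum, width)


def audit_uninstall_list(text):
    """Return (entry, reason) pairs for entries the reply's advice covers.

    Duplicate lines (common in uninstall lists) are reported once.
    """
    findings, seen = [], set()
    for raw in text.splitlines():
        entry = raw.strip()
        key = entry.lower()
        if not entry or key in seen:
            continue
        seen.add(key)

        reason = None
        adobe = ADOBE_RE.match(entry)
        java = JAVA_RE.match(entry)
        if adobe:
            found = tuple(int(p) for p in adobe.group(1).split("."))
            if is_older(found, MIN_ADOBE_READER):
                reason = "Adobe Reader older than 9.3"
        elif java:
            found = (int(java.group(1)), int(java.group(2) or 0))
            if is_older(found, MIN_JAVA):
                reason = "Java older than 6 Update 20"
        if reason is None and key in REMOVE_AS_ADVISED:
            reason = "listed for removal in the reply"
        if reason:
            findings.append((entry, reason))
    return findings


# Lines excerpted from the uninstall list posted earlier in the thread.
THREAD_EXCERPT = """\
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.1
Java(TM) 6 Update 16
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Registry Mechanic 8.0
"""

# Constructed lines (not from the thread) showing entries that pass the check.
CONSTRUCTED = """\
Adobe Reader 9.3
Adobe Reader 10.0.1
Java(TM) 6 Update 20
"""

SAMPLE = THREAD_EXCERPT + CONSTRUCTED

if __name__ == "__main__":
    for entry, reason in audit_uninstall_list(SAMPLE):
        print(f"{entry}: {reason}")
```
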

Re: iexplore.exe & svchost.exe Producing A Virus?

by Jon14 » April 27th, 2010, 11:34 pm

Thanks a lot for the help. I have done everything asked, and here are the logs:

LOG



Logfile of random's system information tool 1.06 (written by random/random)
Run by pc3 at 2010-04-27 23:27:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (7%) free of 82 GB
Total RAM: 1015 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:37 PM, on 4/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\pc3\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\pc3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontarioweather.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ui.skype.com/ui/0/3.6.0.248/en/exitsurvey
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10388 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\mixpadSevenDaysInit.job
C:\WINDOWS\tasks\mixpadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-11-30 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2009-12-01 111976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-25 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL [2010-02-03 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-26 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-25 394608]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-20 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-20 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-20 131072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-02 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-02 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-05-04 161328]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-30 198160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]
"Aim"=C:\Program Files\AIM\aim.exe [2010-03-08 3972440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-20 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d42902c-e0d0-11dd-8a62-00224356071d}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-04-27 23:11:16 ----D---- C:\rsit
2010-04-27 22:50:34 ----SHD---- C:\Config.Msi
2010-04-26 22:45:30 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-26 22:45:27 ----D---- C:\Program Files\Common Files\Java
2010-04-26 22:43:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-26 22:43:39 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-26 22:43:39 ----A---- C:\WINDOWS\system32\java.exe
2010-04-26 22:43:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-22 13:44:06 ----D---- C:\Program Files\Trend Micro
2010-04-22 11:15:01 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-22 00:32:02 ----D---- C:\WINDOWS\BDOSCAN8
2010-04-21 19:03:15 ----A---- C:\WINDOWS\wininit.ini
2010-04-16 19:11:38 ----D---- C:\Program Files\Common Files\LightScribe
2010-04-16 18:38:28 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2010-04-14 21:44:11 ----D---- C:\Rocky Fontaine & Kidd Domination - Every Man 4 Himself-2010-MIXFIEND
2010-04-14 21:43:48 ----D---- C:\DJ Aaries & Blood Raw - Goon Music 2.0-2010-MIXFIEND
2010-04-14 21:43:27 ----D---- C:\Trap-A-Holics & Trillville - 1000 Deep-2010-MIXFIEND
2010-04-14 21:42:46 ----D---- C:\DJ 5150 & E-Pistol - Boy Vs Machine-2010-MIXFIEND
2010-04-14 21:42:29 ----D---- C:\Don Cannon & Diamond Supply Co. Present PTK - Diamond Life-2010-MIXFIEND
2010-04-14 21:41:36 ----D---- C:\DJ_Genius_DJ_Blu-Nation_Cyco_Envy-Black_Sunday
2010-04-14 21:41:06 ----D---- C:\DJ P Exclusivez & Eldorado Red - 2 Plug Shawty-2010-MIXFIEND
2010-04-14 21:40:43 ----D---- C:\Sean Falyon - BE Everywhere-2010-MIXFIEND
2010-04-14 21:40:25 ----D---- C:\Numonics - Being Cool Doesn't Pay The Bills (Mixed By DJ RTC)-2010-MIXFIEND
2010-04-14 21:38:59 ----D---- C:\Supastar LT - Voice Of The City (Hosted By DJ Drama)-2010-MIXFIEND
2010-04-14 21:38:29 ----D---- C:\DJ Delz & Al Pac - Menace From Lenox (The Sequel)-2010-MIXFIEND
2010-04-14 21:38:07 ----D---- C:\Mistah FAB - The Realest Shit I Never Wrote Part 3 (Hosted By DJ Ill Will & DJ Rockstar)-2010-MIXFIEND
2010-04-14 21:37:53 ----D---- C:\Ras Kass - The Endangered Lyricist Vol 2-2010-MIXFIEND
2010-04-14 21:37:30 ----D---- C:\DJ_Genius_Kid_Class-iRap_iProduce
2010-04-14 21:35:55 ----D---- C:\VA-DJ Whiteowl - Whiteowl Drop That 114-2010-MIXFIEND
2010-04-14 21:34:44 ----D---- C:\Digital Product & The Syndicate Present Rocko - Dope Boy Music-2010-MIXFIEND
2010-04-14 21:34:01 ----D---- C:\SB34
2010-04-14 21:33:36 ----D---- C:\The Advantage Part 2
2010-04-14 21:32:14 ----D---- C:\DJ Rated R & Big Tobacco - That New Whiff (Co-Starring Agallah)-2010-MIXFIEND
2010-04-14 21:30:47 ----D---- C:\DJ 5150 & Dre Present Delwin The Krazy Man - Fully Loaded-2010-MIXFIEND
2010-04-14 21:30:27 ----D---- C:\DJ Drama & Tony Austin - Gangsta Grillz (The Influence)-2010-MIXFIEND
2010-04-14 21:30:12 ----D---- C:\Webbz - God's Plan-2010-MIXFIEND
2010-04-14 21:29:54 ----D---- C:\Arlis Michales - Mr. Whole Lotta Bread-2010-MIXFIEND
2010-04-14 21:29:37 ----D---- C:\VA-Coast 2 Coast Vol 121 (Hosted By Mistah FAB)-2010-MIXFIEND
2010-04-14 21:27:44 ----D---- C:\DJ DirtyMoney - 8Ball MJG - Ten Toes Down (Mixtape)2010
2010-04-14 21:27:38 ----D---- C:\Wiz Khalifa - Kush & Orange Juice-2010-MIXFIEND
2010-04-14 19:23:07 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-04-14 18:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 18:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 18:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 18:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 18:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 18:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 18:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 17:04:02 ----D---- C:\TuF 11 ep1allof the full fights
2010-04-06 18:54:58 ----D---- C:\Program Files\Conduit
2010-04-06 18:54:57 ----D---- C:\Program Files\Hotspot_Shield
2010-04-06 18:11:42 ----D---- C:\Program Files\URL.BIZ ip blocker 1.0
2010-04-01 11:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-29 16:04:12 ----A---- C:\Tornado Touches Down In Oakland Park Monday - cbs4.com.avi
2010-03-28 21:16:36 ----A---- C:\Officials Tornado touched down in west Charlotte - News14.com.avi

======List of files/folders modified in the last 1 months======

2010-04-27 23:23:35 ----D---- C:\WINDOWS\Temp
2010-04-27 23:23:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-27 23:21:31 ----SHD---- C:\System Volume Information
2010-04-27 23:20:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 23:20:21 ----D---- C:\WINDOWS\system32
2010-04-27 22:59:03 ----SHD---- C:\WINDOWS\Installer
2010-04-27 22:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-04-27 22:57:16 ----D---- C:\Program Files\Common Files\Adobe
2010-04-27 22:55:05 ----D---- C:\Program Files\Adobe
2010-04-27 22:54:29 ----D---- C:\WINDOWS\WinSxS
2010-04-26 22:45:27 ----D---- C:\Program Files\Common Files
2010-04-26 22:34:29 ----D---- C:\Program Files\Registry Mechanic
2010-04-26 22:29:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-26 22:29:53 ----D---- C:\WINDOWS
2010-04-26 22:29:45 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 22:29:45 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-26 22:29:43 ----RD---- C:\Program Files
2010-04-25 22:19:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-22 11:53:25 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-22 11:46:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-22 11:46:16 ----D---- C:\Program Files\Internet Explorer
2010-04-22 11:45:30 ----D---- C:\Documents and Settings\pc3\Application Data\Skype
2010-04-22 11:44:28 ----D---- C:\Documents and Settings\pc3\Application Data\skypePM
2010-04-22 11:08:26 ----D---- C:\WINDOWS\Debug
2010-04-22 10:43:43 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-22 00:32:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-22 00:32:01 ----HD---- C:\WINDOWS\inf
2010-04-18 12:40:18 ----D---- C:\Max Minelli - Backpack Dreams-2009-MIXFIEND
2010-04-18 12:40:16 ----D---- C:\VA-DJ Mighty K - The Countdown 36-2009-MIXFIEND
2010-04-18 12:40:16 ----D---- C:\Reno Chinati & DJ Bedtyme357 - New Year New Money-2009-MIXFIEND
2010-04-18 12:40:16 ----D---- C:\DJ Swatts Presents Hoodlegendz - My Life Iz A Movie (Hosted By Playboy Tre)-2009-MIXFIEND
2010-04-18 12:40:15 ----D---- C:\VA-Coast 2 Coast Mixtape Vol 80 (Hosted By Illaj)-2009-MIXFIEND
2010-04-18 12:40:14 ----D---- C:\Jim Jones & Juelz Santana – Amibitionz Of A Gangsta (Mixtape)
2010-04-18 12:40:14 ----D---- C:\Fly Society Presents Trademark - Da Skydiver Issue #1-2009-MIXFIEND
2010-04-18 12:40:13 ----D---- C:\DJ Mynd Tek-Music 4 Tha Mynd Vol. 1 (Hosted By Franchise)-2009-MIXFIEND
2010-04-17 23:06:35 ----D---- C:\Program Files\Replay Media Catcher
2010-04-17 23:05:53 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2010-04-17 23:05:51 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2010-04-17 23:05:27 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2010-04-16 12:55:05 ----D---- C:\VA-Hevehitta_and_DJ_Unexpected_Present_Clipse-Boxcutter_Business-Bootleg-2009-CR
2010-04-16 12:55:05 ----D---- C:\DJ P Exclusivez Presents Yung Twizzle - Starvin Like Marvin-2009-MIXFIEND
2010-04-16 12:55:04 ----D---- C:\Red Cafe-Hottest In The Hood (Hosted By Diddy)-2009-MIXFIEND
2010-04-16 12:55:04 ----D---- C:\Exclusive Tunes 83 - Biggy Jiggy Mixtapes
2010-04-16 12:55:04 ----D---- C:\DJ Rob E Rob & Krillz - Let Me Hold Something-2009-MIXFIEND
2010-04-16 12:55:03 ----D---- C:\The Rap Depo-We Do This Shit Vol. 4-2009-MIXFIEND
2010-04-16 12:55:03 ----D---- C:\Bohagon - 2 City Shawty
2010-04-16 12:55:02 ----D---- C:\VA-DJ Mystery - Nothing But Heat Rocks Vol 4 (Hosted By Blizz)-2009-MIXFIEND
2010-04-16 12:55:02 ----D---- C:\Born Wit It And DJ Holiday - Substance Abuse-2009-MIXFIEND
2010-04-16 12:55:01 ----D---- C:\RH Bless - Bring That Beat Back Vol 1-2009-MIXFIEND
2010-04-16 12:55:00 ----D---- C:\VA-DJ Delz - East Coasts Most Wanted Vol 3 (Hosted By Donny Goines)-2009-MIXFIEND
2010-04-15 21:57:33 ----D---- C:\VA-DJ Trigga - Shooters For Hire Vol 8-2009-MIXFIEND
2010-04-15 21:57:32 ----D---- C:\Allstar - I Love You Too-2009-MIXFIEND
2010-04-15 19:44:53 ----SD---- C:\Documents and Settings\pc3\Application Data\Microsoft
2010-04-14 22:01:11 ----D---- C:\Yo Gotti - 5 Star Chef-2009-MIXFIEND
2010-04-14 22:01:11 ----D---- C:\DJ_Haze_DJ_Capcom_And_Eminem-Before_The_Relapse_2-(Bootleg)-2009-CR
2010-04-14 22:01:10 ----D---- C:\Gyasi Omari - The Waterkid EP-2009-MIXFIEND
2010-04-14 22:01:10 ----D---- C:\Big Kuntry King-Bread Box (Hosted By DJ Infamous)-2009-MIXFIEND
2010-04-14 22:01:09 ----D---- C:\DJ Whiteowl White Owl Drop That 68
2010-04-14 22:01:08 ----D---- C:\Exclusive Tunes 84 - Biggy Jiggy Mixtapes
2010-04-14 22:01:08 ----D---- C:\BloodyChuck Presents - Rest In Peace Dolla-2009-MIXFIEND
2010-04-14 22:01:07 ----D---- C:\VA-DJ Concept - Soundset 09-2009-MIXFIEND
2010-04-14 22:01:07 ----D---- C:\DJ Smallz And K-Dirt - I Am Heat-2009-MIXFIEND
2010-04-14 22:01:07 ----D---- C:\DJ Rated R & Big Tobacco - The Cartel Gathering 2 (Hosted By LA The Darkman)
2010-04-14 22:01:06 ----D---- C:\DJ Smooth Denali - Guest Spot Vol.1 (Jadakiss R&B Edition)
2010-04-14 22:01:06 ----D---- C:\DJ Panic And N.O.E. - Aint N.O.E. Frontin-2009-MIXFIEND
2010-04-14 22:01:05 ----D---- C:\DJ Folk & Young Jeezy - Trappin' Ain't Dead
2010-04-14 22:01:03 ----D---- C:\Pitbull - Shittin On The Industry (Presented By DJ Noodles & DJ Buddha)-2009-MIXFIEND
2010-04-14 22:01:01 ----D---- C:\Nickelus F - Go Time-2009-MIXFIEND
2010-04-14 19:41:44 ----D---- C:\WINDOWS\Prefetch
2010-04-14 19:39:02 ----D---- C:\Program Files\NortonInstaller
2010-04-14 19:36:56 ----D---- C:\Program Files\Symantec
2010-04-14 19:36:55 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-04-14 19:30:56 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-14 19:27:40 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-04-14 19:24:23 ----D---- C:\Program Files\AIM
2010-04-14 18:47:13 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-14 18:44:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-13 16:02:26 ----D---- C:\Fed-X_(Of_The_Mob_Figaz)-The_Mob_Made_Me_Do_It_2-Bootleg-2009-CR
2010-04-13 16:02:26 ----D---- C:\DJ Klapton & Ransom - Behind The Scenes
2010-04-13 16:02:25 ----D---- C:\Jo Well - Welcome To The Jungle-2009-MIXFIEND
2010-04-13 16:02:25 ----D---- C:\DJ Souljahandz Presents - Busta Buss Instrumentals-2009-MIXFIEND
2010-04-13 16:02:25 ----D---- C:\Big Mike DJ Thoro & Cassidy-Apply Pressure (Hosted By Carmelo Anthony)-2009-MIXFIEND
2010-04-13 16:02:24 ----D---- C:\Statik Selektah & MixUnit.com-Soundtrack To The Summer-2009-MIXFIEND
2010-04-13 16:02:24 ----D---- C:\Exclusive Tunes 85 - Biggy Jiggy Mixtapes
2010-04-13 16:02:23 ----D---- C:\VA-DJ Chaplin - Feeding The Streets 10-2009-MIXFIEND
2010-04-13 16:02:23 ----D---- C:\Big Inf Presents M.O.P. - All Out War Pt 2-2009-MIXFIEND
2010-04-13 16:02:22 ----D---- C:\VA-DJ Mighty K - The Countdown 35-2009-MIXFIEND
2010-04-13 16:02:22 ----D---- C:\S. Fresh - Get It Out Da Mud (Hosted By DJ Infamous)-2009-MIXFIEND
2010-04-13 16:02:22 ----D---- C:\Money - New Money College Addition (Hosted By Trae Tha Truth)-2009-MIXFIEND
2010-04-13 16:02:21 ----D---- C:\Evil Empire And Jadakiss The Passion Of Kiss 2009
2010-04-13 16:02:20 ----D---- C:\VA-DJ Scope - Street Certified Vol 54-2009-MIXFIEND
2010-04-13 16:02:19 ----D---- C:\DJ Whiteowl White Owl Drop That 69
2010-04-13 16:02:17 ----D---- C:\VA-DJ Kev G - Crack 4 Ya Whip 16-2009-MIXFIEND
2010-04-11 20:00:23 ----D---- C:\French Montana - The Laundry Man EP
2010-04-11 20:00:22 ----D---- C:\DJ Whoo Kid Tony Yayo - The Swine Flu
2010-04-11 20:00:22 ----D---- C:\DJ Scream And Archie Eversole - Back Like I Never Left-2009-MIXFIEND
2010-04-11 20:00:21 ----D---- C:\Double_Barrel_presents-Rap_Juggaknottz_Vol.1-Young_Buck-2009
2010-04-11 20:00:21 ----D---- C:\DJ Chong Wizard Presents Phoenix Jones - Family Guy Mixtape-2009-MIXFIEND
2010-04-11 20:00:20 ----D---- C:\Scotty Boi - Scott Free (Money Driven)-2009-MIXFIEND
2010-04-11 20:00:19 ----D---- C:\DJ Scream & DJ Smallz-Young BuckBack On My Buck Sht
2010-04-11 20:00:18 ----D---- C:\Serius Jones - Why So Serius-2009-MIXFIEND
2010-04-06 13:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 10:07:39 ----D---- C:\Mixtapes
2010-04-01 16:23:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 16:52:13 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS [2010-02-26 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS [2010-02-26 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-26 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMTDI.SYS [2010-02-03 362032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-20 5854688]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-25 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100427.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100427.022\NAVEX15.SYS []
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS []
S3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS []
S3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2010-01-08 32768]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-26 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-03-19 73728]
R2 NIS;Norton Internet Security.; C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2010-04-27 23:12:07

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 7-->C:\Program Files\AIM\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AnalogX Vocal Remover (WinAmp)-->C:\Program Files\Winamp\Plugins\Effects\wavremu.exe
AnalogX Vocal Remover-->C:\Program Files\AnalogX\VocalRemover\vremu.exe
Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2}
ASUSUpdate for Eee PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Azurewave Wireless LAN-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08-->C:\Program Files\Elantech\ETDUninst.exe
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotspot_Shield Toolbar-->C:\PROGRA~1\HOTSPO~1\UNWISE.EXE /U C:\PROGRA~1\HOTSPO~1\INSTALL.LOG
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 5.0.0 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{3744B641-61DE-417F-BCDC-9CCED4224DF8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MixPad Audio Mixer-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /X{F61DD673-0030-4BB2-A382-7E57E97F1033}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.6.0.32\InstStub.exe /X
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Video Capture-->"C:\WINDOWS\Replay Video Capture\uninstall.exe" "/U:C:\Program Files\Replay Video Capture\Uninstall\uninstall.xml"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}\setup.exe -runfromtemp -l0x0009 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
URL Snooper v2.23.01-->"C:\Program Files\URLSnooper2\unins000.exe"
URL.BIZ ip blocker 1.0-->MsiExec.exe /I{4B04C8A6-8282-420B-A9CD-62E68E8A47C2}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Recorder-->C:\Program Files\WMR11\Uninstal.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: YOUR-28P8EYAFN8
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 12639
Source Name: Cdrom
Time Written: 20100409212133.000000-240
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 12638
Source Name: Cdrom
Time Written: 20100409212132.000000-240
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 12637
Source Name: Cdrom
Time Written: 20100409212132.000000-240
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 12636
Source Name: Cdrom
Time Written: 20100409200841.000000-240
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 12635
Source Name: Cdrom
Time Written: 20100409200840.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-28P8EYAFN8
Event Code: 1000
Message: Faulting application moviemk.exe, version 2.1.4026.0, faulting module mcmpgdmx.ax, version 7.3.0.27713, fault address 0x00088c78.

Record Number: 453
Source Name: Application Error
Time Written: 20091126135130.000000-300
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 1517
Message: Windows saved user YOUR-28P8EYAFN8\pc3 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 441
Source Name: Userenv
Time Written: 20091126121132.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-28P8EYAFN8
Event Code: 1002
Message: Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 434
Source Name: Application Hang
Time Written: 20091124163047.000000-300
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 1000
Message: Faulting application moviemk.exe, version 2.1.4026.0, faulting module qedit.dll, version 6.5.2600.5512, fault address 0x00025bdc.

Record Number: 433
Source Name: Application Error
Time Written: 20091124161824.000000-300
Event Type: error
User:

Computer Name: YOUR-28P8EYAFN8
Event Code: 1002
Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 427
Source Name: Application Hang
Time Written: 20091123134222.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by askey127 » April 28th, 2010, 8:34 am

Jon,
Please tell me whether you have ever installed the Anchor Free HSS adapter to locate passwords for your wireless router?
Does your router's administrator account (used to make settings) still have the default password, or has it been changed?

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by Jon14 » April 28th, 2010, 8:31 pm

Hey, I am not sure what the Anchor Free HSS adapter is, but to my knowledge, there has been nothing of that sort installed by me ever. In terms of the password, I'm not sure what you mean by that as well, if you're talking about the password to connect to the wireless connection, then yes I have that. You mentioned a default password, I do not know if I have that. Are these steps critical or can they be passed? Sorry for not really being able to answer the questions more than I did, but I am not very knowledgeable about this laptop.

Also, regarding the virus, I am pretty sure it's just making it look as if iexplore.exe and svchost.exe are doing something, as I've read this on other sites. The actual virus is probably somewhere else. I noticed that every time I use Google, the Norton box comes up saying "an attack was attempted". The computer is A LOT slower than it should be, and popups come up every once in a while.
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by askey127 » April 29th, 2010, 12:53 pm

Jon14,
The Azure Wave? Router you have was set up by typing an address like 192.xxx.xx.xx into Internet Explorer, and typing the info for your particular Internet Provider.
At that time, you had to use a default username (Usually "administrator") and a default password (varies with the make/model of router).
They are published online. See here: http://www.phenoelit-us.org/dpl/dpl.html
It is recommended that you then change the password so that internet robots cannot get in using the default password and insert their own server address in your settings.
I was asking if you changed the password.

You have some serious issues with Hard Drive space. WinXP needs about 15% free HD space to run smoothly.
Otherwise it can slow to a crawl.
System drive C: has 6 GB (7%) free of 82 GB
I would suggest burning some of your less frequently used photo, audio and video files to CDs/DVDs and then deleting them from your hard drive.
---------------------------------------------------------------
If you don't often use the Search function in Windows Explorer, you can free up space this way:
Go to Start, My Computer
Right click on the C: Drive and choose Properties.
At the bottom, UNCHECK the box labeled "Allow Indexing to Index this disk for fast file searching".
Click Apply, and OK.
It will ask if you want to apply this to all files and folders. Answer Yes.
Go for a coffee.
---------------------------------------------------------------
Disable Indexing Service (XP)
From Start, Run, type services.msc into the box and hit <Enter>
Scroll down to Indexing Service on the list and Right Click it, then choose Properties.
Under Service Status, click Stop
Under Startup Type, choose Disabled.
Then click Apply, OK
------------------------------------------------------------
Please download OTM and save to your Desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:files
C:\WINDOWS\system32\DRIVERS\taphss.sys

:services
taphss
Anchorfree HSS Adapter

:Commands
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.

Please post the OTM log in your reply, and tell me how it goes, along with anything you remember about the Router Setup.
When you are able to get these things done, or improved, we will look deeper for any malware.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by Jon14 » May 1st, 2010, 1:47 pm

Thanks for the response.

I have cleared up (deleted) over 15% of space from the drive, so that has been settled. I did not follow the indexing steps as I use the search a lot, so it would just make that slower. I wasn't sure if the first Indexing step related to the second, so I skipped them both. Let me know if that was a problem.

In terms of the AzureWave thing, I cannot really tell you much about the router setup or anything like that as it was not me who configured all of that. What I was thinking though, does this AzureWave have anything to do with the program Azureus? I ask because they have similar names. I had Azureus on this laptop, and am not sure if it's still on, but maybe it left a bunch of files behind. I'm really not sure on this whole thing, sorry.

Here is the log of what you asked me to do:



All processes killed
========== FILES ==========
C:\WINDOWS\system32\DRIVERS\taphss.sys moved successfully.
========== SERVICES/DRIVERS ==========
Service taphss stopped successfully!
Service taphss deleted successfully!
Error: No service named Anchorfree HSS Adapter was found to stop!
Service\Driver key Anchorfree HSS Adapter not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16528515 bytes
->Java cache emptied: 34340 bytes
->Flash cache emptied: 4566 bytes

User: pc3
->Temp folder emptied: 620080 bytes
->Temporary Internet Files folder emptied: 306166593 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 7476 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 309.00 mb


OTM by OldTimer - Version 3.1.11.0 log created on 05012010_130526

Files moved on Reboot...
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\d2d7054-204e5dcb moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\01 RAPID TRANCE HITT[2].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\01 RAPID TRANCE HITT[3].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[10].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[11].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[12].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[2].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[5].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\SWK9A1UT\index[8].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\01 RAPID TRANCE HITT[2].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\01 RAPID TRANCE HITT[3].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\01 RAPID TRANCE HITT[4].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\01 RAPID TRANCE HITT[5].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\index[13].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\index[17].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\index[3].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\O5IZOHAF\index[8].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\MTYPQVAZ\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\01 RAPID TRANCE HITT[2].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\01 RAPID TRANCE HITT[3].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[10].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[11].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[15].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[3].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[6].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\index[9].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\Paystub__from_GRADE_EXPECTA[1].pdf moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\4LYZ8DU7\tracking_id[1].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\2PH7R03C\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\2PH7R03C\posting[1].php moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\2PH7R03C\topbuttons[1].xml moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\2PH7R03C\tracking_id[1].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\01 RAPID TRANCE HITT[1].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\01 RAPID TRANCE HITT[2].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\01 RAPID TRANCE HITT[3].mp3 moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[10].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[11].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[15].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[5].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[8].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0J23M5O7\index[9].htm moved successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\0BMTADEV\today[1].htm moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\1140 not found!
C:\WINDOWS\temp\Perflib_Perfdata_818.dat moved successfully.

Registry entries deleted on Reboot...
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm
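Added example (not part of the original posts and not OTM's own code): a small Python check that reconciles the OTM script a helper handed out against the result log the user posted, so that an item the log never confirms stands out. The function names are hypothetical, and the status phrases it recognises are only the ones visible in this thread's logs, not a full description of OTM's output.

```python
import re

# Script and result lines copied from the first OTM exchange in this thread.
OTM_SCRIPT = r"""
:files
C:\WINDOWS\system32\DRIVERS\taphss.sys

:services
taphss
Anchorfree HSS Adapter

:Commands
[emptytemp]
"""

OTM_LOG = r"""
All processes killed
========== FILES ==========
C:\WINDOWS\system32\DRIVERS\taphss.sys moved successfully.
========== SERVICES/DRIVERS ==========
Service taphss stopped successfully!
Service taphss deleted successfully!
Error: No service named Anchorfree HSS Adapter was found to stop!
Service\Driver key Anchorfree HSS Adapter not found.
========== COMMANDS ==========
"""

# Line shapes seen in this thread's logs (assumption: other OTM versions may
# word them differently). ITEM is replaced by the escaped script entry.
FILE_TEMPLATE = r"^(?:File )?ITEM(?: folder)? (moved successfully\.|not found!)$"
SERVICE_TEMPLATES = [
    (r"^Service ITEM deleted successfully!$", "deleted"),
    (r"^Service ITEM stopped successfully!$", "stopped"),
    (r"^Error: No service named ITEM was found to stop!$", "not found"),
    (r"^Service\\Driver key ITEM not found\.$", "not found"),
]


def _rx(template, item):
    """Compile a template for one script entry, matching case-insensitively."""
    return re.compile(template.replace("ITEM", re.escape(item)), re.I)


def parse_script(text):
    """Return {section: [entries]} for a ':section' style OTM script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Map every :files and :services entry to what the log says happened."""
    sections = parse_script(script_text)
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    report = {}

    for path in sections.get("files", []):
        rx = _rx(FILE_TEMPLATE, path)
        # Anchored match: a line about a subfolder does not confirm the parent.
        hits = [m.group(1).lower() for m in map(rx.match, lines) if m]
        if any(h.startswith("moved") for h in hits):
            report[path] = "moved"
        elif hits:
            report[path] = "not found"
        else:
            report[path] = "unconfirmed"

    for name in sections.get("services", []):
        outcomes = {
            label
            for template, label in SERVICE_TEMPLATES
            for line in lines
            if _rx(template, name).match(line)
        }
        if "deleted" in outcomes:
            report[name] = "deleted"
        elif "stopped" in outcomes:
            report[name] = "stopped only"
        elif "not found" in outcomes:
            report[name] = "not found"
        else:
            report[name] = "unconfirmed"
    return report


if __name__ == "__main__":
    for item, status in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{status:12} {item}")
```

An "unconfirmed" entry means the log carries no line about that item at all, which is worth a follow-up question before moving on to the next tool.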

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by askey127 » May 2nd, 2010, 7:23 am

Jon14,
Your decision about indexing was OK, if you use the Windows search a lot.

The reason I asked about the router is that it's possible for an infection to exist in your router. It can happen if the router's administrator password is not changed after the router is set up.
It can allow an outsider to intercept all communications, but will not show when you analyze the PC itself.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "keygens" or "cracks" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "plants".
--------------------------------------------
Let's find all the Azureus folders:
Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A:D /B /S|Find "azureus" >> "%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of that file.

------------------------------------------------------
Check for a Rootkit: Rooter
Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.
  • Double-click on Rooter.exe icon on your desktop, to execute.
    If you receive the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
  • To run the Scan... just press the Scan...button.
  • Notepad will open with a file created called "Rooter.txt" (1st scan) or Rooter_#.txt (subsequent scans) ... located in the %systemdrive%\Rooter$\ folder, (usually C:\Rooter$\). (# is the scan number assigned to the report)
    The location of the report file is also shown in the bottom display window.
  • Press the Close button, to close the Rooter window.
Please copy and paste the contents of Rooter.txt in your next reply.
If you have scanned more than once with Rooter, post the log with the highest # number Rooter_#.txt.

So we are looking for the contents of both look.txt and Rooter.txt.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by Jon14 » May 2nd, 2010, 11:39 am

Thanks for the response, here are the logs, starting with the look.txt:

c:\documents and settings\all users\application data\azureus
c:\documents and settings\pc3\application data\azureus
c:\documents and settings\pc3\application data\azureus\active
c:\documents and settings\pc3\application data\azureus\devices
c:\documents and settings\pc3\application data\azureus\dht
c:\documents and settings\pc3\application data\azureus\logs
c:\documents and settings\pc3\application data\azureus\net
c:\documents and settings\pc3\application data\azureus\plugins
c:\documents and settings\pc3\application data\azureus\rss
c:\documents and settings\pc3\application data\azureus\shares
c:\documents and settings\pc3\application data\azureus\subs
c:\documents and settings\pc3\application data\azureus\tmp
c:\documents and settings\pc3\application data\azureus\torrents
c:\documents and settings\pc3\application data\azureus\updates
c:\documents and settings\pc3\application data\azureus\logs\save
c:\documents and settings\pc3\application data\azureus\plugins\azupnpav
c:\documents and settings\pc3\application data\azureus\tmp\azu14197.tmp
c:\documents and settings\pc3\application data\azureus\tmp\azu14207.tmp
c:\documents and settings\pc3\my documents\azureus downloads





_______________________________________________________________________________


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 28 Stepping 2, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.5512
.
C:\ [Fixed-NTFS] .. ( Total:79 Go - Free:18 Go )
D:\ [Fixed-NTFS] .. ( Total:61 Go - Free:35 Go )
.
Scan : 11:36.16
Path : C:\Documents and Settings\pc3\Desktop\Rooter.exe
User : pc3 ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (696)
______ \??\C:\WINDOWS\system32\csrss.exe (780)
______ \??\C:\WINDOWS\system32\winlogon.exe (804)
______ C:\WINDOWS\system32\services.exe (848)
______ C:\WINDOWS\system32\lsass.exe (860)
______ C:\WINDOWS\system32\svchost.exe (1032)
______ C:\WINDOWS\system32\svchost.exe (1096)
______ C:\WINDOWS\System32\svchost.exe (1152)
______ C:\WINDOWS\system32\svchost.exe (1204)
______ C:\WINDOWS\system32\svchost.exe (1340)
______ C:\WINDOWS\system32\svchost.exe (1384)
______ C:\WINDOWS\system32\spoolsv.exe (1544)
______ C:\WINDOWS\system32\svchost.exe (1624)
______ C:\WINDOWS\System32\svchost.exe (1812)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (1836)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1908)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1952)
______ C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (196)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (288)
______ C:\WINDOWS\system32\svchost.exe (504)
______ C:\Program Files\Windows Media Player\WMPNetwk.exe (664)
______ C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (2600)
______ C:\WINDOWS\Explorer.EXE (2860)
______ C:\WINDOWS\RTHDCPL.EXE (3396)
______ C:\WINDOWS\system32\hkcmd.exe (3448)
______ C:\Program Files\Elantech\ETDCtrl.exe (3360)
______ C:\Program Files\Elantech\ETDDect.exe (3316)
______ C:\WINDOWS\system32\igfxsrvc.exe (3480)
______ C:\Program Files\EeePC\ACPI\AsTray.exe (1356)
______ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (3540)
______ C:\Program Files\EeePC\ACPI\AsEPCMon.exe (824)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1476)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (1464)
______ C:\WINDOWS\system32\igfxext.exe (2400)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (3264)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3776)
______ C:\WINDOWS\system32\ctfmon.exe (3812)
______ C:\Program Files\Windows Media Player\WMPNSCFG.exe (3836)
______ C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (4064)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (1552)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (748)
______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (3320)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2936)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (4040)
______ C:\Program Files\Internet Explorer\iexplore.exe (4296)
______ C:\Documents and Settings\pc3\Desktop\Rooter.exe (4292)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:85888341504)
\Device\Harddisk0\Partition2 (Start_Offset:85888373760 | Length:65711761920)
\Device\Harddisk0\Partition3 (Start_Offset:151600135680 | Length:8398010880)
\Device\Harddisk0\Partition4 (Start_Offset:159998146560 | Length:41126400)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\mixpadSevenDaysInit.job
C:\WINDOWS\Tasks\mixpadShakeIcon.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\WINDOWS\system32\IkmTwGgh.ini
C:\WINDOWS\system32\IkmTwGgh.ini2
==> Vundo <==
.
----------------------\\ Scan completed at 11:36.27
.
C:\Rooter$\Rooter_1.txt - (02/05/2010 | 11:36.28)
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by askey127 » May 2nd, 2010, 2:09 pm

Jon14,
------------------------------------------------------------
  • Please double-click OTM.exe to run it.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:files
c:\documents and settings\all users\application data\azureus
c:\documents and settings\pc3\application data\azureus
C:\WINDOWS\system32\IkmTwGgh.ini
C:\WINDOWS\system32\IkmTwGgh.ini2
:Commands
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by Jon14 » May 2nd, 2010, 7:03 pm

Thanks again. I did this, but when the laptop rebooted, Norton kept notifying me of 5 Backdoor.Tidserv.l!inf viruses. It is not getting rid of them though and just keeps saying I must do it myself. It says to visit their site on instructions, but so far, nothing's worked. I think these are the cause of the problems, or at least some of it. Even in safe mode, their instructions are garbage. I did a search on Google about this, and now I figure this is the cause of all my problems. Apparently it disguises itself as other programs (probably in my case iexplore.exe and svchost.exe). And Norton is showing the location as: c:\WINDOWS\system32\drivers\intelppm.sys

Here is that log:



All processes killed
========== FILES ==========
c:\documents and settings\all users\application data\Azureus folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\updates folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\torrents folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\tmp\AZU14207.tmp folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\tmp\AZU14197.tmp folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\tmp folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\subs folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\shares folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\rss folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\plugins\azupnpav folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\plugins folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\net folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\logs\save folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\logs folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\dht folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\devices folder moved successfully.
c:\documents and settings\pc3\application data\Azureus\active folder moved successfully.
c:\documents and settings\pc3\application data\Azureus folder moved successfully.
C:\WINDOWS\system32\IkmTwGgh.ini moved successfully.
C:\WINDOWS\system32\IkmTwGgh.ini2 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14424746 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2970 bytes

User: pc3
->Temp folder emptied: 13763220 bytes
->Temporary Internet Files folder emptied: 261073016 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14384 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 301454201 bytes

Total Files Cleaned = 563.00 mb


OTM by OldTimer - Version 3.1.11.0 log created on 05022010_144209

Files moved on Reboot...
File C:\Documents and Settings\pc3\Local Settings\Temp\fla348.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_c4.dat moved successfully.

Registry entries deleted on Reboot...
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by askey127 » May 3rd, 2010, 6:39 am

Jon14,
--------------------------------------------
TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip, it will create a folder named tdsskiller on your desktop
  • Double-click the tdsskiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy (Ctrl+C) the text in the codebox below.
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste (Ctrl+V) the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix!!
Turn Off Norton Security
1 Start Norton Internet Security.
2 In the left pane, click Status & Settings
3 Click Security.
4 Click Turn Off.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running!
  • When finished, the report will open. Reenable your protection software and post the log in your next reply
A copy of the log will be located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.
Turn On Norton Security
1 Start Norton Internet Security.
2 In the left pane, click Status & Settings
3 Click Security.
4 Click Turn On.

Please post the contents of tdsskiller.txt and Combofix.txt
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: iexplore.exe & svchost.exe Producing A Virus?

Post by Jon14 » May 3rd, 2010, 5:11 pm

Thanks for that crucial step. I think it did the job, or at least most of it. I'm not seeing any of the popups or any signs of the virus. Here are the logs:



11:20:01:562 2464 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
11:20:01:562 2464 ================================================================================
11:20:01:562 2464 SystemInfo:

11:20:01:562 2464 OS Version: 5.1.2600 ServicePack: 3.0
11:20:01:562 2464 Product type: Workstation
11:20:01:562 2464 ComputerName: YOUR-28P8EYAFN8
11:20:01:562 2464 UserName: pc3
11:20:01:578 2464 Windows directory: C:\WINDOWS
11:20:01:578 2464 Processor architecture: Intel x86
11:20:01:578 2464 Number of processors: 2
11:20:01:578 2464 Page size: 0x1000
11:20:01:578 2464 Boot type: Normal boot
11:20:01:578 2464 ================================================================================
11:20:01:671 2464 UnloadDriverW: NtUnloadDriver error 2
11:20:01:671 2464 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
11:20:02:312 2464 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
11:20:02:312 2464 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:20:02:312 2464 wfopen_ex: Trying to KLMD file open
11:20:02:312 2464 wfopen_ex: File opened ok (Flags 2)
11:20:02:312 2464 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
11:20:02:312 2464 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:20:02:312 2464 wfopen_ex: Trying to KLMD file open
11:20:02:312 2464 wfopen_ex: File opened ok (Flags 2)
11:20:02:312 2464 Initialize success
11:20:02:312 2464
11:20:02:312 2464 Scanning Services ...
11:20:03:218 2464 Raw services enum returned 347 services
11:20:03:265 2464
11:20:03:265 2464 Scanning Kernel memory ...
11:20:03:265 2464 Devices to scan: 5
11:20:03:265 2464
11:20:03:265 2464 Driver Name: Disk
11:20:03:281 2464 IRP_MJ_CREATE : F75CEBB0
11:20:03:281 2464 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:20:03:281 2464 IRP_MJ_CLOSE : F75CEBB0
11:20:03:281 2464 IRP_MJ_READ : F75C8D1F
11:20:03:281 2464 IRP_MJ_WRITE : F75C8D1F
11:20:03:281 2464 IRP_MJ_QUERY_INFORMATION : 804F4562
11:20:03:281 2464 IRP_MJ_SET_INFORMATION : 804F4562
11:20:03:281 2464 IRP_MJ_QUERY_EA : 804F4562
11:20:03:281 2464 IRP_MJ_SET_EA : 804F4562
11:20:03:281 2464 IRP_MJ_FLUSH_BUFFERS : F75C92E2
11:20:03:281 2464 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:20:03:281 2464 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:20:03:281 2464 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:20:03:281 2464 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:20:03:281 2464 IRP_MJ_DEVICE_CONTROL : F75C93BB
11:20:03:281 2464 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75CCF28
11:20:03:281 2464 IRP_MJ_SHUTDOWN : F75C92E2
11:20:03:281 2464 IRP_MJ_LOCK_CONTROL : 804F4562
11:20:03:281 2464 IRP_MJ_CLEANUP : 804F4562
11:20:03:281 2464 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:20:03:281 2464 IRP_MJ_QUERY_SECURITY : 804F4562
11:20:03:281 2464 IRP_MJ_SET_SECURITY : 804F4562
11:20:03:281 2464 IRP_MJ_POWER : F75CAC82
11:20:03:281 2464 IRP_MJ_SYSTEM_CONTROL : F75CF99E
11:20:03:281 2464 IRP_MJ_DEVICE_CHANGE : 804F4562
11:20:03:281 2464 IRP_MJ_QUERY_QUOTA : 804F4562
11:20:03:281 2464 IRP_MJ_SET_QUOTA : 804F4562
11:20:03:343 2464 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
11:20:03:343 2464
11:20:03:343 2464 Driver Name: Disk
11:20:03:343 2464 IRP_MJ_CREATE : F75CEBB0
11:20:03:343 2464 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:20:03:343 2464 IRP_MJ_CLOSE : F75CEBB0
11:20:03:343 2464 IRP_MJ_READ : F75C8D1F
11:20:03:343 2464 IRP_MJ_WRITE : F75C8D1F
11:20:03:343 2464 IRP_MJ_QUERY_INFORMATION : 804F4562
11:20:03:343 2464 IRP_MJ_SET_INFORMATION : 804F4562
11:20:03:343 2464 IRP_MJ_QUERY_EA : 804F4562
11:20:03:343 2464 IRP_MJ_SET_EA : 804F4562
11:20:03:343 2464 IRP_MJ_FLUSH_BUFFERS : F75C92E2
11:20:03:343 2464 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:20:03:343 2464 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:20:03:343 2464 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:20:03:343 2464 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:20:03:343 2464 IRP_MJ_DEVICE_CONTROL : F75C93BB
11:20:03:343 2464 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75CCF28
11:20:03:343 2464 IRP_MJ_SHUTDOWN : F75C92E2
11:20:03:343 2464 IRP_MJ_LOCK_CONTROL : 804F4562
11:20:03:343 2464 IRP_MJ_CLEANUP : 804F4562
11:20:03:343 2464 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:20:03:343 2464 IRP_MJ_QUERY_SECURITY : 804F4562
11:20:03:343 2464 IRP_MJ_SET_SECURITY : 804F4562
11:20:03:343 2464 IRP_MJ_POWER : F75CAC82
11:20:03:343 2464 IRP_MJ_SYSTEM_CONTROL : F75CF99E
11:20:03:343 2464 IRP_MJ_DEVICE_CHANGE : 804F4562
11:20:03:343 2464 IRP_MJ_QUERY_QUOTA : 804F4562
11:20:03:343 2464 IRP_MJ_SET_QUOTA : 804F4562
11:20:03:375 2464 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
11:20:03:375 2464
11:20:03:375 2464 Driver Name: Disk
11:20:03:375 2464 IRP_MJ_CREATE : F75CEBB0
11:20:03:375 2464 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:20:03:375 2464 IRP_MJ_CLOSE : F75CEBB0
11:20:03:375 2464 IRP_MJ_READ : F75C8D1F
11:20:03:375 2464 IRP_MJ_WRITE : F75C8D1F
11:20:03:375 2464 IRP_MJ_QUERY_INFORMATION : 804F4562
11:20:03:375 2464 IRP_MJ_SET_INFORMATION : 804F4562
11:20:03:375 2464 IRP_MJ_QUERY_EA : 804F4562
11:20:03:375 2464 IRP_MJ_SET_EA : 804F4562
11:20:03:375 2464 IRP_MJ_FLUSH_BUFFERS : F75C92E2
11:20:03:375 2464 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:20:03:375 2464 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:20:03:375 2464 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:20:03:375 2464 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:20:03:375 2464 IRP_MJ_DEVICE_CONTROL : F75C93BB
11:20:03:375 2464 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75CCF28
11:20:03:375 2464 IRP_MJ_SHUTDOWN : F75C92E2
11:20:03:375 2464 IRP_MJ_LOCK_CONTROL : 804F4562
11:20:03:375 2464 IRP_MJ_CLEANUP : 804F4562
11:20:03:375 2464 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:20:03:375 2464 IRP_MJ_QUERY_SECURITY : 804F4562
11:20:03:375 2464 IRP_MJ_SET_SECURITY : 804F4562
11:20:03:375 2464 IRP_MJ_POWER : F75CAC82
11:20:03:375 2464 IRP_MJ_SYSTEM_CONTROL : F75CF99E
11:20:03:375 2464 IRP_MJ_DEVICE_CHANGE : 804F4562
11:20:03:375 2464 IRP_MJ_QUERY_QUOTA : 804F4562
11:20:03:375 2464 IRP_MJ_SET_QUOTA : 804F4562
11:20:03:406 2464 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
11:20:03:406 2464
11:20:03:406 2464 Driver Name: Disk
11:20:03:406 2464 IRP_MJ_CREATE : F75CEBB0
11:20:03:406 2464 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:20:03:406 2464 IRP_MJ_CLOSE : F75CEBB0
11:20:03:406 2464 IRP_MJ_READ : F75C8D1F
11:20:03:406 2464 IRP_MJ_WRITE : F75C8D1F
11:20:03:406 2464 IRP_MJ_QUERY_INFORMATION : 804F4562
11:20:03:406 2464 IRP_MJ_SET_INFORMATION : 804F4562
11:20:03:406 2464 IRP_MJ_QUERY_EA : 804F4562
11:20:03:406 2464 IRP_MJ_SET_EA : 804F4562
11:20:03:406 2464 IRP_MJ_FLUSH_BUFFERS : F75C92E2
11:20:03:406 2464 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:20:03:406 2464 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:20:03:406 2464 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:20:03:406 2464 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:20:03:406 2464 IRP_MJ_DEVICE_CONTROL : F75C93BB
11:20:03:406 2464 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75CCF28
11:20:03:406 2464 IRP_MJ_SHUTDOWN : F75C92E2
11:20:03:406 2464 IRP_MJ_LOCK_CONTROL : 804F4562
11:20:03:406 2464 IRP_MJ_CLEANUP : 804F4562
11:20:03:406 2464 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:20:03:406 2464 IRP_MJ_QUERY_SECURITY : 804F4562
11:20:03:406 2464 IRP_MJ_SET_SECURITY : 804F4562
11:20:03:406 2464 IRP_MJ_POWER : F75CAC82
11:20:03:406 2464 IRP_MJ_SYSTEM_CONTROL : F75CF99E
11:20:03:406 2464 IRP_MJ_DEVICE_CHANGE : 804F4562
11:20:03:406 2464 IRP_MJ_QUERY_QUOTA : 804F4562
11:20:03:406 2464 IRP_MJ_SET_QUOTA : 804F4562
11:20:03:437 2464 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
11:20:03:437 2464
11:20:03:437 2464 Driver Name: atapi
11:20:03:437 2464 IRP_MJ_CREATE : 863DEAC8
11:20:03:437 2464 IRP_MJ_CREATE_NAMED_PIPE : 863DEAC8
11:20:03:437 2464 IRP_MJ_CLOSE : 863DEAC8
11:20:03:437 2464 IRP_MJ_READ : 863DEAC8
11:20:03:437 2464 IRP_MJ_WRITE : 863DEAC8
11:20:03:437 2464 IRP_MJ_QUERY_INFORMATION : 863DEAC8
11:20:03:437 2464 IRP_MJ_SET_INFORMATION : 863DEAC8
11:20:03:437 2464 IRP_MJ_QUERY_EA : 863DEAC8
11:20:03:437 2464 IRP_MJ_SET_EA : 863DEAC8
11:20:03:437 2464 IRP_MJ_FLUSH_BUFFERS : 863DEAC8
11:20:03:437 2464 IRP_MJ_QUERY_VOLUME_INFORMATION : 863DEAC8
11:20:03:437 2464 IRP_MJ_SET_VOLUME_INFORMATION : 863DEAC8
11:20:03:437 2464 IRP_MJ_DIRECTORY_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_FILE_SYSTEM_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_DEVICE_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_INTERNAL_DEVICE_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_SHUTDOWN : 863DEAC8
11:20:03:437 2464 IRP_MJ_LOCK_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_CLEANUP : 863DEAC8
11:20:03:437 2464 IRP_MJ_CREATE_MAILSLOT : 863DEAC8
11:20:03:437 2464 IRP_MJ_QUERY_SECURITY : 863DEAC8
11:20:03:437 2464 IRP_MJ_SET_SECURITY : 863DEAC8
11:20:03:437 2464 IRP_MJ_POWER : 863DEAC8
11:20:03:437 2464 IRP_MJ_SYSTEM_CONTROL : 863DEAC8
11:20:03:437 2464 IRP_MJ_DEVICE_CHANGE : 863DEAC8
11:20:03:437 2464 IRP_MJ_QUERY_QUOTA : 863DEAC8
11:20:03:437 2464 IRP_MJ_SET_QUOTA : 863DEAC8
11:20:03:437 2464 Driver "atapi" infected by TDSS rootkit!
11:20:03:500 2464 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
11:20:03:500 2464 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 11:20:03:500 2464 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
11:20:03:500 2464 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
11:20:04:203 2464 vfvi6
11:20:04:593 2464 !dsvbh1
11:20:06:875 2464 dsvbh2
11:20:06:875 2464 fdfb2
11:20:06:875 2464 Backup copy found, using it..
11:20:07:328 2464 will be cured on next reboot
11:20:07:328 2464 Reboot required for cure complete..
11:20:07:625 2464 Cure on reboot scheduled successfully
11:20:07:625 2464
11:20:07:625 2464 Completed
11:20:07:625 2464
11:20:07:625 2464 Results:
11:20:07:640 2464 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
11:20:07:640 2464 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:20:07:640 2464 File objects infected / cured / cured on reboot: 1 / 0 / 1
11:20:07:640 2464
11:20:07:640 2464 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
11:20:07:640 2464 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
11:20:07:640 2464 UnloadDriverW: NtUnloadDriver error 1
11:20:07:984 2464 KLMD(ARK) unloaded successfully

ComboFix 10-05-03.02 - pc3 05/03/2010 16:14:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.685 [GMT -4:00]
Running from: c:\documents and settings\pc3\Desktop\zzz.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-2297251999-738724385-1645878046-1003
c:\recycler\S-1-5-21-504221711-2657588388-2843214241-1003
c:\recycler\S-1-5-21-861567501-1202660629-1935655697-1003
c:\windows\system32\Thumbs.db
c:\windows\system32\urlmhhty.ini

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 15:25 . 2010-04-15 00:04 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVENG.SYS
2010-05-03 15:25 . 2010-04-15 00:04 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVENG32.DLL
2010-05-03 15:25 . 2010-04-15 00:04 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVEX32A.DLL
2010-05-03 15:25 . 2010-04-15 00:04 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVEX15.SYS
2010-05-03 15:25 . 2010-04-15 00:04 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\EECTRL.SYS
2010-05-03 15:25 . 2010-04-15 00:04 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\CCERASER.DLL
2010-05-03 15:25 . 2010-04-15 00:04 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\ECMSVR32.DLL
2010-05-03 15:25 . 2010-04-15 00:04 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\ERASER.SYS
2010-05-02 15:36 . 2010-05-02 15:36 -------- d-----w- C:\Rooter$
2010-05-01 17:05 . 2010-05-01 17:05 -------- d-----w- C:\_OTM
2010-04-28 03:11 . 2010-04-28 03:12 -------- d-----w- C:\rsit
2010-04-27 02:45 . 2010-04-27 02:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-27 02:44 . 2010-04-27 02:44 503808 ----a-w- c:\documents and settings\pc3\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ab87ebc-n\msvcp71.dll
2010-04-27 02:44 . 2010-04-27 02:44 499712 ----a-w- c:\documents and settings\pc3\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ab87ebc-n\jmc.dll
2010-04-27 02:44 . 2010-04-27 02:44 348160 ----a-w- c:\documents and settings\pc3\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4ab87ebc-n\msvcr71.dll
2010-04-27 02:44 . 2010-04-27 02:44 61440 ----a-w- c:\documents and settings\pc3\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-23ecf9c0-n\decora-sse.dll
2010-04-27 02:44 . 2010-04-27 02:44 12800 ----a-w- c:\documents and settings\pc3\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-23ecf9c0-n\decora-d3d.dll
2010-04-27 02:43 . 2010-04-27 02:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 01:50 . 2010-02-04 01:40 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-27 01:50 . 2010-02-04 01:40 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-27 01:50 . 2010-02-04 01:40 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-27 01:50 . 2010-02-04 01:40 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-27 01:50 . 2010-02-04 01:40 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-25 19:08 . 2010-05-03 19:07 439816 ----a-w- c:\documents and settings\pc3\Application Data\Real\Update\setup3.10\setup.exe
2010-04-22 17:44 . 2010-04-22 17:44 -------- d-----w- c:\program files\Trend Micro
2010-04-22 04:32 . 2010-04-22 15:51 -------- d-----w- c:\windows\BDOSCAN8
2010-04-21 23:03 . 2010-04-21 23:03 53512 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-21 23:03 . 2010-04-21 23:03 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-21 23:03 . 2010-04-21 23:03 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-21 15:05 . 2010-04-21 15:05 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-16 23:11 . 2010-04-16 23:11 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-16 22:38 . 2010-04-16 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-04-16 21:24 . 2010-02-04 01:40 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 21:24 . 2010-02-04 01:40 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 21:24 . 2010-02-04 01:40 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-16 21:24 . 2010-02-04 01:40 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 21:24 . 2010-02-04 01:40 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-15 15:37 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-04-15 15:37 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-04-15 15:37 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-04-15 15:37 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-04-15 15:37 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-04-15 01:44 . 2010-04-15 01:44 -------- d-----w- C:\Rocky Fontaine & Kidd Domination - Every Man 4 Himself-2010-MIXFIEND
2010-04-15 01:43 . 2010-04-15 01:43 -------- d-----w- C:\DJ Aaries & Blood Raw - Goon Music 2.0-2010-MIXFIEND
2010-04-15 01:43 . 2010-04-15 01:43 -------- d-----w- C:\Trap-A-Holics & Trillville - 1000 Deep-2010-MIXFIEND
2010-04-15 01:42 . 2010-04-15 01:42 -------- d-----w- C:\DJ 5150 & E-Pistol - Boy Vs Machine-2010-MIXFIEND
2010-04-15 01:42 . 2010-04-15 01:42 -------- d-----w- C:\Don Cannon & Diamond Supply Co. Present PTK - Diamond Life-2010-MIXFIEND
2010-04-15 01:41 . 2010-04-15 01:41 -------- d-----w- C:\DJ_Genius_DJ_Blu-Nation_Cyco_Envy-Black_Sunday
2010-04-15 01:41 . 2010-04-15 01:41 -------- d-----w- C:\DJ P Exclusivez & Eldorado Red - 2 Plug Shawty-2010-MIXFIEND
2010-04-15 01:40 . 2010-04-15 01:40 -------- d-----w- C:\Sean Falyon - BE Everywhere-2010-MIXFIEND
2010-04-15 01:40 . 2010-04-15 01:40 -------- d-----w- C:\Numonics - Being Cool Doesn't Pay The Bills (Mixed By DJ RTC)-2010-MIXFIEND
2010-04-15 01:38 . 2010-04-15 01:39 -------- d-----w- C:\Supastar LT - Voice Of The City (Hosted By DJ Drama)-2010-MIXFIEND
2010-04-15 01:38 . 2010-04-15 01:38 -------- d-----w- C:\DJ Delz & Al Pac - Menace From Lenox (The Sequel)-2010-MIXFIEND
2010-04-15 01:38 . 2010-04-15 01:38 -------- d-----w- C:\Mistah FAB - The Realest Shit I Never Wrote Part 3 (Hosted By DJ Ill Will & DJ Rockstar)-2010-MIXFIEND
2010-04-15 01:37 . 2010-04-15 01:37 -------- d-----w- C:\Ras Kass - The Endangered Lyricist Vol 2-2010-MIXFIEND
2010-04-15 01:37 . 2010-04-15 01:37 -------- d-----w- C:\DJ_Genius_Kid_Class-iRap_iProduce
2010-04-15 01:35 . 2010-04-15 01:35 -------- d-----w- C:\VA-DJ Whiteowl - Whiteowl Drop That 114-2010-MIXFIEND
2010-04-15 01:34 . 2010-04-15 01:34 -------- d-----w- C:\Digital Product & The Syndicate Present Rocko - Dope Boy Music-2010-MIXFIEND
2010-04-15 01:34 . 2010-04-15 01:34 -------- d-----w- C:\SB34
2010-04-15 01:33 . 2010-04-15 01:33 -------- d-----w- C:\The Advantage Part 2
2010-04-15 01:32 . 2010-04-15 01:32 -------- d-----w- C:\DJ Rated R & Big Tobacco - That New Whiff (Co-Starring Agallah)-2010-MIXFIEND
2010-04-15 01:30 . 2010-04-15 01:30 -------- d-----w- C:\DJ 5150 & Dre Present Delwin The Krazy Man - Fully Loaded-2010-MIXFIEND
2010-04-15 01:30 . 2010-04-15 01:30 -------- d-----w- C:\DJ Drama & Tony Austin - Gangsta Grillz (The Influence)-2010-MIXFIEND
2010-04-15 01:30 . 2010-04-15 01:30 -------- d-----w- C:\Webbz - God's Plan-2010-MIXFIEND
2010-04-15 01:29 . 2010-04-15 01:29 -------- d-----w- C:\Arlis Michales - Mr. Whole Lotta Bread-2010-MIXFIEND
2010-04-15 01:29 . 2010-04-15 01:29 -------- d-----w- C:\VA-Coast 2 Coast Vol 121 (Hosted By Mistah FAB)-2010-MIXFIEND
2010-04-15 01:27 . 2010-04-15 01:28 -------- d-----w- C:\DJ DirtyMoney - 8Ball MJG - Ten Toes Down (Mixtape)2010
2010-04-15 01:27 . 2010-04-15 01:28 -------- d-----w- C:\Wiz Khalifa - Kush & Orange Juice-2010-MIXFIEND
2010-04-14 23:43 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-04-14 23:43 . 2010-02-27 00:20 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-04-14 23:36 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-14 23:36 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-14 23:36 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-04-14 23:36 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-04-14 23:36 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-14 23:36 . 2009-08-30 00:17 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-04-14 23:35 . 2010-02-04 01:40 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsxpx86.sys
2010-04-14 23:35 . 2010-02-04 01:40 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsvia64.sys
2010-04-14 23:35 . 2010-02-04 01:40 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsvix86.sys
2010-04-14 23:35 . 2010-02-04 01:40 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\scxpx86.dll
2010-04-14 23:35 . 2010-02-04 01:40 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsxpx86.dll
2010-04-14 23:35 . 2010-01-19 22:45 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-04-14 23:35 . 2009-09-01 08:27 892272 ------w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-04-14 23:23 . 2010-04-14 23:23 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-04-11 21:04 . 2010-04-11 21:04 -------- d-----w- C:\TuF 11 ep1allof the full fights
2010-04-06 22:54 . 2010-04-06 22:55 -------- d-----w- c:\documents and settings\pc3\Local Settings\Application Data\Hotspot_Shield
2010-04-06 22:54 . 2010-04-06 22:54 -------- d-----w- c:\program files\Conduit
2010-04-06 22:54 . 2010-04-06 22:54 -------- d-----w- c:\documents and settings\pc3\Local Settings\Application Data\Conduit
2010-04-06 22:54 . 2010-04-06 22:54 -------- d-----w- c:\program files\Hotspot_Shield
2010-04-06 22:11 . 2010-04-06 22:11 -------- d-----w- c:\program files\URL.BIZ ip blocker 1.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 19:51 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-03 00:24 . 2009-12-19 17:21 -------- d-----w- c:\program files\Replay Media Catcher
2010-05-03 00:23 . 2009-12-19 17:24 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-03 00:23 . 2009-12-19 17:24 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-03 00:22 . 2009-12-19 17:23 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-05-02 22:51 . 2009-07-19 23:49 -------- d-----w- c:\documents and settings\pc3\Application Data\Skype
2010-05-02 22:28 . 2008-04-14 00:01 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-04-28 02:57 . 2008-09-11 11:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-27 02:29 . 2008-12-10 17:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-27 02:29 . 2008-12-10 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-22 15:53 . 2009-07-29 16:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-22 15:44 . 2009-07-19 23:56 -------- d-----w- c:\documents and settings\pc3\Application Data\skypePM
2010-04-22 15:43 . 2009-12-29 01:06 -------- d-----w- c:\documents and settings\pc3\Application Data\LimeWire
2010-04-22 14:43 . 2010-02-11 04:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-22 14:34 . 2008-12-01 05:32 70448 ----a-w- c:\documents and settings\pc3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 21:49 . 2010-02-11 04:46 117760 ----a-w- c:\documents and settings\pc3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-14 23:39 . 2008-12-10 16:01 -------- d-----w- c:\program files\NortonInstaller
2010-04-14 23:36 . 2008-12-10 16:13 -------- d-----w- c:\program files\Symantec
2010-04-14 23:36 . 2008-12-10 16:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-14 23:36 . 2008-12-10 16:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-14 23:36 . 2008-12-10 16:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-14 23:36 . 2008-12-10 16:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-14 23:30 . 2008-12-10 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-14 23:27 . 2008-12-10 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-14 23:24 . 2009-12-20 20:27 -------- d-----w- c:\program files\AIM
2010-04-14 22:47 . 2008-12-10 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:09 . 2008-08-09 14:32 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 05:07 . 2010-03-05 05:07 -------- d-----w- c:\documents and settings\pc3\Application Data\NCH Swift Sound
2010-03-05 05:06 . 2010-03-05 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-03-05 05:06 . 2010-03-05 05:06 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-26 05:43 . 2008-08-09 14:32 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-08-09 14:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2008-08-09 14:32 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-08-09 14:32 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-08-09 14:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 04:46 . 2010-02-11 04:46 52224 ----a-w- c:\documents and settings\pc3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-03-17 19:45 2355224 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-26 19:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/29/2009 1:00 PM 130936]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [4/14/2010 7:36 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [4/14/2010 7:36 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [4/15/2010 11:37 AM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [4/14/2010 7:36 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [4/14/2010 7:36 PM 116784]
R2 NIS;Norton Internet Security.;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [4/14/2010 7:36 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/29/2009 4:00 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [4/26/2010 9:50 PM 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 2:13 PM 135664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9/11/2008 10:42 PM 625024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/29/2009 12:59 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 18:13]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 18:13]

2010-03-05 c:\windows\Tasks\mixpadSevenDaysInit.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-03-05 05:06]

2010-03-12 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-03-05 05:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ontarioweather.com/
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.6.0.248/en/exitsurvey
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 16:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-05-03 16:32:11
ComboFix-quarantined-files.txt 2010-05-03 20:32

Pre-Run: 20,308,877,312 bytes free
Post-Run: 20,714,946,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 69F6D8CFD39F6BF404B030C9A703ED98
Jon14
Regular Member
 
Posts: 35
Joined: April 22nd, 2010, 1:28 pm
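
The "Reg Loading Points" section of the log above mixes autostart entries with Security Center and firewall policy values. The following is an added example, not part of the original thread and not ComboFix's own code: a small Python parser for that section, run over lines excerpted from the log in this post. The function names and the three checks are choices made for this illustration.

```python
import re

# Excerpt of the "Reg Loading Points" section, copied from the log in this post.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
'''

ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

def parse_loading_points(text):
    """Return {registry key (lowercase): {value name: raw value text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := ENTRY.match(line)):
            current[m["name"]] = m["value"]
    return keys

def as_int(raw):
    """Decode 'dword:00000001' or '0 (0x0)' style values; None otherwise."""
    if m := re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw):
        return int(m[1], 16)
    if m := re.match(r"(\d+) \(0x[0-9a-fA-F]+\)$", raw):
        return int(m[1])
    return None

def review(keys):
    """List settings a reviewer should confirm the user chose on purpose."""
    notes = []
    for key, values in keys.items():
        for name, raw in values.items():
            n = as_int(raw)
            if key.endswith(r"\security center") and name.endswith("Override") and n == 1:
                notes.append(f"Security Center monitoring overridden: {name}")
            elif key.endswith(r"\standardprofile") and name == "EnableFirewall" and n == 0:
                notes.append("Windows Firewall disabled (standard profile)")
            elif key.endswith(r"\currentversion\run") and "\\" not in raw:
                notes.append(f"Run entry without full path: {name}")
    return notes
```

Each note is a prompt to confirm the setting, not a verdict: a third-party security suite with its own firewall may set the same values.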

Re: iexplore.exe & svchost.exe Producing A Virus?

Unread postby askey127 » May 3rd, 2010, 6:25 pm

Jon14,
Please rename xxx.exe on your desktop to Combofix.exe
-----------------------------------------------------------
Click START then RUN
Type Combofix /uninstall in the Run box and click OK. Note the space between Combofix and /uninstall
When shown the disclaimer, Select "2"
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C:) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
---------------------------------------------------------------
Disable DNS Client Service
From Start, or Start, Run type services.msc in the box and hit <Enter>
Give permission to continue if necessary.
Scroll down to DNS Client on the list, Right Click it and choose Properties.
Under Service Status, click Stop. Under Startup Type, choose Disabled.
Then click Apply, OK
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Click the third button from the bottom, labeled Download. A couple new buttons will appear at the top.
  • Click on the top button labeled MVPs Hosts and choose Replace
  • When asked to verify if you want to Replace present Hosts file, click OK.
  • When it finishes, click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

Let me know how it goes.
If you installed Recovery Console properly, you may notice an extra menu screen at bootup that is a "safety valve" to allow a repair technician an extra tool for emergency recovery. It is not harmful.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA