|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
AV security suite
I need help removing AV security suite from a laptop...tons of popups....i ran avast and can not remove it...pls help
|
#3
|
||||
|
||||
Request re-opened - different system than the other thread. You will need to be patient sabutai1, but someone will respond here as time permits.
|
#4
|
|||
|
|||
thank you Jintan...i am patient and appreciate any help you all can give
|
#5
|
||||
|
||||
I picked up the other open requests sabutai1, so I reckon time is permitting now. Let's take a look.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button. If RSIT downloads/installs HijackThis be sure to agree to the install of that. Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt. RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt). You can break logs into parts and use separate posts here when replying and posting the log files, if needed. -------------- Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. |
#6
|
|||
|
|||
RSIT log:
Logfile of random's system information tool 1.07 (written by random/random) Run by Ruthie at 2010-07-08 07:46:36 Microsoft Windows XP Professional Service Pack 3 System drive C: has 180 GB (78%) free of 232 GB Total RAM: 2038 MB (76% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\OGALogon.job C:\WINDOWS\tasks\User_Feed_Synchronization-{43890C11-C779-4163-B824-74195331E49D}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2010-01-19 2166296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-19 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll [2010-01-19 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingl eInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768] {038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2010-01-19 2166296] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-19 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752] "OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\IS USPM.exe [2006-09-11 218032] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520] "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-05-02 68592] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-06-02 2220032] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.e xe [2010-05-06 2815192] "ddeacdap"=C:\Documents and Settings\NetworkService\Local Settings\Application Data\yilowpxyp\tgugwvatssd.exe [2010-07-02 288512] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "DellAutomatedPCTuneUp"=C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2009-05-02 39408] "ares"=C:\Program Files\Ares\Ares.exe -h [] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536] "noaurhep"=C:\Documents and Settings\Ruthie\Local Settings\Application Data\jjfysrjfy\xhxsxrltssd.exe [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Ruthie\Start Menu\Programs\Startup LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:* ![]() "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Pro gram Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2e821cac-857a-11df-992d-001644bcd550}] shell\AutoRun\command - E:\MULTIM~1.EXE shell\doubleTwist\command - E:\MULTIM~1.EXE ======List of files/folders created in the last 1 months====== 2010-07-08 07:32:09 ----D---- C:\rsit 2010-07-08 07:32:09 ----D---- C:\Program Files\trend micro 2010-06-15 22:41:10 ----D---- C:\Documents and Settings\Ruthie\Application Data\Facebook |
#7
|
|||
|
|||
RSIT log continued:
======List of files/folders modified in the last 1 months====== 2010-07-08 07:44:49 ----D---- C:\WINDOWS\Prefetch 2010-07-08 07:44:01 ----D---- C:\WINDOWS\Temp 2010-07-08 07:42:27 ----D---- C:\Program Files\Mozilla Firefox 2010-07-08 07:41:32 ----D---- C:\Documents and Settings\Ruthie\Application Data\LimeWire 2010-07-08 07:41:16 ----D---- C:\WINDOWS 2010-07-08 07:36:06 ----A---- C:\WINDOWS\ntbtlog.txt 2010-07-08 07:32:09 ----RD---- C:\Program Files 2010-07-08 07:27:33 ----D---- C:\WINDOWS\network diagnostic 2010-07-07 21:08:12 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-07 20:58:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-04 16:47:09 ----SHD---- C:\WINDOWS\Installer 2010-07-04 16:47:09 ----D---- C:\Program Files\Google 2010-06-28 21:27:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-06-19 01:21:23 ----D---- C:\Documents and Settings\Ruthie\Application Data\Skype 2010-06-19 00:02:07 ----D---- C:\Documents and Settings\Ruthie\Application Data\skypePM ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880] R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432] R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376] R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.; \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys [] R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] R3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTpr oct.sys [] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-02 24064] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S2 gupdate1cafd4c1bd62ea6;Google Update Service (gupdate1cafd4c1bd62ea6); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-26 133104] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2008-07-25 69632] S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
#8
|
|||
|
|||
RSIT info:
info.txt logfile of random's system information tool 1.06 2010-07-08 07:32:12 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A} Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001} Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A} Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe Comcast Universal Installer v1.2-->MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB} Compresor WinRAR-->C:\Program Files\WinRAR\uninstall.exe Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\s puninst.exe" Dell Automated PC TuneUp-->MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94} DELL Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Install er\setup.exe" --uninstall --system-level Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B5 6FCA2.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spun inst.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spunin st.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spunin st.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spunin st.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spunin st.exe" Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} KKopy-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\I Driver.exe /M{E2F43AFC-95FF-43A3-95C2-8F55D41CDEC0} Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409 LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe" Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spunins t.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp uninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe" Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} OLYMPUS Master 2-->MsiExec.exe /X{0815D55A-5EFF-4E1B-8C04-7035E914D90D} OLYMPUS muvee theaterPack-->MsiExec.exe /X{EC047FA6-E83D-4326-9195-E7D306C5B9A2} PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} |
#9
|
|||
|
|||
info continued:
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe" Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spunin st.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spunin st.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spunin st.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spunin st.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spunin st.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spunin st.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spunin st.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spunin st.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spunin st.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spunin st.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spunin st.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spunin st.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spunin st.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spunin st.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spunin st.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spunin st.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spunin st.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spunin st.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spunin st.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spunin st.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spunin st.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spunin st.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spunin st.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spunin st.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spunin st.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spunin st.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spunin st.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spunin st.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spunin st.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spunin st.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spunin st.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spunin st.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spunin st.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spunin st.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spunin st.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spunin st.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spunin st.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spunin st.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spunin st.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spunin st.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spunin st.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spunin st.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spunin st.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spunin st.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spunin st.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spunin st.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spunin st.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spunin st.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spunin st.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spunin st.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spunin st.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} ToggleEN Toolbar-->C:\PROGRA~1\ToggleEN\UNWISE.EXE /U C:\PROGRA~1\ToggleEN\INSTALL.LOG Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4} |
#10
|
|||
|
|||
info:
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spunin st.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spunin st.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spunin st.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spunin st.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spunin st.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spunin st.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463} Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. exe" Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe" Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spunin st.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE ======Hosts File====== 127.0.0.1 localhost ::1 localhost 91.212.65.122 browser-security.microsoft.com 91.212.65.122 antiwareprotect.com 91.212.65.122 www.antiwareprotect.com ======Security center information====== AV: avast! Antivirus ======System event log====== Computer Name: EUGENIA Event Code: 16 Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Record Number: 7455 Source Name: Windows Update Agent Time Written: 20100526200138.000000-240 Event Type: error User: Computer Name: EUGENIA Event Code: 49 Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Record Number: 7431 Source Name: Ftdisk Time Written: 20100526195949.000000-240 Event Type: error User: Computer Name: EUGENIA Event Code: 45 Message: The system could not sucessfully load the crash dump driver. Record Number: 7430 Source Name: Ftdisk Time Written: 20100526195949.000000-240 Event Type: error User: Computer Name: EUGENIA Event Code: 7000 Message: The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Record Number: 7428 Source Name: Service Control Manager Time Written: 20100526195936.000000-240 Event Type: error User: Computer Name: EUGENIA Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the Themes service to connect. Record Number: 7427 Source Name: Service Control Manager Time Written: 20100526195936.000000-240 Event Type: error User: =====Application event log===== Computer Name: EUGENIA Event Code: 1517 Message: Windows saved user EUGENIA\EU registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 22609 Source Name: Userenv Time Written: 20100306204514.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: EUGENIA Event Code: 1517 Message: Windows saved user EUGENIA\Ruthie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 22587 Source Name: Userenv Time Written: 20100306170210.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: EUGENIA Event Code: 4113 Message: Record Number: 22586 Source Name: Avira AntiVir Time Written: 20100306170145.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: EUGENIA Event Code: 8 Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Record Number: 22581 Source Name: crypt32 Time Written: 20100306161125.000000-300 Event Type: error User: Computer Name: EUGENIA Event Code: 1517 Message: Windows saved user EUGENIA\EU registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 22565 Source Name: Userenv Time Written: 20100306144847.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\WINDOWS\system32\WindowsP owerShell\v1.0;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.PSC1 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "SAFEBOOT_OPTION"=NETWORK -----------------EOF----------------- |
#11
|
|||
|
|||
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-08 14:00:52 Windows 5.1.2600 Service Pack 3 Running: u54gnk2x.exe; Driver: C:\DOCUME~1\Ruthie\LOCALS~1\Temp\axrdapow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A .text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A .text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C .text C:\WINDOWS\system32\svchost.exe[1172] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E9000A .text C:\WINDOWS\Explorer.EXE[1980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A .text C:\WINDOWS\Explorer.EXE[1980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A .text C:\WINDOWS\Explorer.EXE[1980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \Fat B9732D20 ---- EOF - GMER 1.0.15 ---- |
#12
|
||||
|
||||
The Gmer log suggests a tough boot level driver file has been altered by malware there, so let's assess/address that first.
Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to start the scan. A command window will open, and when the scan completes it will create a log file on your C drive. Similar in name to this: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please. Note - if the scan prompts for a reboot, be sure to do that. |
#13
|
|||
|
|||
21:36:31:515 0420 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:36:31:515 0420 ================================================== ============================== 21:36:31:515 0420 SystemInfo: 21:36:31:515 0420 OS Version: 5.1.2600 ServicePack: 3.0 21:36:31:515 0420 Product type: Workstation 21:36:31:515 0420 ComputerName: EUGENIA 21:36:31:515 0420 UserName: Ruthie 21:36:31:515 0420 Windows directory: C:\WINDOWS 21:36:31:515 0420 System windows directory: C:\WINDOWS 21:36:31:515 0420 Processor architecture: Intel x86 21:36:31:515 0420 Number of processors: 2 21:36:31:515 0420 Page size: 0x1000 21:36:31:515 0420 Boot type: Safe boot with network 21:36:31:515 0420 ================================================== ============================== 21:36:32:000 0420 Initialize success 21:36:32:000 0420 21:36:32:000 0420 Scanning Services ... 21:36:33:875 0420 Raw services enum returned 374 services 21:36:33:890 0420 21:36:33:890 0420 Scanning Drivers ... 21:36:34:703 0420 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys 21:36:34:765 0420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:36:34:828 0420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 21:36:34:859 0420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 21:36:34:921 0420 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 21:36:35:015 0420 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 21:36:35:046 0420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 21:36:35:078 0420 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys 21:36:35:093 0420 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys 21:36:35:125 0420 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys 21:36:35:140 0420 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys 21:36:35:156 0420 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys 21:36:35:203 0420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:36:35:203 0420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 21:36:35:234 0420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:36:35:281 0420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 21:36:35:390 0420 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 21:36:35:484 0420 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 21:36:35:515 0420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 21:36:35:531 0420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 21:36:35:578 0420 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 21:36:35:640 0420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 21:36:35:656 0420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 21:36:35:671 0420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:36:35:718 0420 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 21:36:35:734 0420 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:36:35:750 0420 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:36:35:828 0420 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys 21:36:35:828 0420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 21:36:35:906 0420 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 21:36:35:906 0420 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 21:36:35:937 0420 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS 21:36:35:937 0420 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 21:36:35:953 0420 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 21:36:35:968 0420 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 21:36:35:984 0420 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 21:36:36:000 0420 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 21:36:36:015 0420 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 21:36:36:078 0420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 21:36:36:109 0420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 21:36:36:125 0420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 21:36:36:156 0420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 21:36:36:187 0420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 21:36:36:187 0420 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 21:36:36:234 0420 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 21:36:36:296 0420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 21:36:36:312 0420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 21:36:36:328 0420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 21:36:36:343 0420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 21:36:36:406 0420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 21:36:36:484 0420 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 21:36:36:515 0420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:36:36:515 0420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:36:36:562 0420 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 21:36:36:562 0420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:36:36:625 0420 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:36:36:671 0420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:36:36:734 0420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 21:36:36:765 0420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:36:37:015 0420 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 21:36:37:218 0420 Imapi (c15ec45669072c527036e2bf0feee784) C:\WINDOWS\system32\DRIVERS\imapi.sys 21:36:37:218 0420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\imapi.sys. Real md5: c15ec45669072c527036e2bf0feee784, Fake md5: 083a052659f5310dd8b6a6cb05edcf8e 21:36:37:218 0420 File "C:\WINDOWS\system32\DRIVERS\imapi.sys" infected by TDSS rootkit ... 21:36:43:750 0420 Backup copy found, using it.. 21:36:43:765 0420 will be cured on next reboot 21:36:43:906 0420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:36:43:953 0420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 21:36:43:984 0420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:36:44:015 0420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:36:44:062 0420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:36:44:078 0420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:36:44:109 0420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:36:44:156 0420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:36:44:156 0420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:36:44:218 0420 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 21:36:44:250 0420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 21:36:44:296 0420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 21:36:44:312 0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:36:44:343 0420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 21:36:44:359 0420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:36:44:406 0420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:36:44:406 0420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 21:36:44:421 0420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:36:44:484 0420 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:36:44:500 0420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 21:36:44:531 0420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:36:44:578 0420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:36:44:609 0420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:36:44:656 0420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:36:44:687 0420 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 21:36:44:703 0420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 21:36:44:718 0420 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 21:36:44:765 0420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:36:44:796 0420 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 21:36:44:843 0420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:36:44:859 0420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:36:44:875 0420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:36:44:875 0420 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 21:36:44:890 0420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:36:44:921 0420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:36:44:937 0420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:36:44:953 0420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:36:44:984 0420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:36:45:031 0420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:36:45:078 0420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:36:45:093 0420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:36:45:125 0420 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM02Afx.sys 21:36:45:171 0420 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys 21:36:45:171 0420 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys 21:36:45:187 0420 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:36:45:218 0420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 21:36:45:234 0420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:36:45:265 0420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 21:36:45:281 0420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 21:36:45:343 0420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:36:45:375 0420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 21:36:45:437 0420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:36:45:437 0420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:36:45:468 0420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:36:45:609 0420 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTpr oct.sys 21:36:45:640 0420 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:36:45:703 0420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:36:45:718 0420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:36:45:734 0420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:36:45:734 0420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:36:45:765 0420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:36:45:812 0420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:36:45:812 0420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:36:45:859 0420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 21:36:45:875 0420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:36:45:937 0420 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 21:36:46:000 0420 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 21:36:46:031 0420 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:36:46:062 0420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:36:46:093 0420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 21:36:46:125 0420 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 21:36:46:156 0420 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 21:36:46:171 0420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:36:46:203 0420 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:36:46:234 0420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:36:46:265 0420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 21:36:46:328 0420 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 21:36:46:437 0420 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 21:36:46:500 0420 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:36:46:531 0420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:36:46:546 0420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:36:46:609 0420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:36:46:671 0420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:36:46:703 0420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:36:46:718 0420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:36:46:750 0420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:36:46:781 0420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:36:46:796 0420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:36:46:859 0420 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys 21:36:46:890 0420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:36:46:906 0420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:36:46:921 0420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:36:46:953 0420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:36:47:015 0420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:36:47:046 0420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:36:47:078 0420 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 21:36:47:109 0420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:36:47:140 0420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 21:36:47:156 0420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:36:47:187 0420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:36:47:203 0420 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 21:36:47:265 0420 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 21:36:47:296 0420 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 21:36:47:343 0420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:36:47:375 0420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:36:47:375 0420 Reboot required for cure complete.. 21:36:47:921 0420 Cure on reboot scheduled successfully 21:36:47:921 0420 21:36:47:921 0420 Completed 21:36:47:921 0420 21:36:47:921 0420 Results: 21:36:47:921 0420 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 21:36:47:921 0420 File objects infected / cured / cured on reboot: 1 / 0 / 1 21:36:47:921 0420 21:36:47:953 0420 KLMD(ARK) unloaded successfully |
#14
|
||||
|
||||
Good - tough rootkit to deal with usually.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. Download ComboFix.exe from here to your desktop. However, as you download it I would like you to rename it to cman.scr, then click that to run that scan. Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt. |
#15
|
|||
|
|||
ComboFix 10-07-08.02 - Ruthie 07/09/2010 7:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1431 [GMT -4:00] Running from: c:\documents and settings\Ruthie\Desktop\cman.scr.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\NetworkService\Local Settings\Application Data\yilowpxyp c:\documents and settings\NetworkService\Local Settings\Application Data\yilowpxyp\tgugwvatssd.exe c:\windows\system32\st325602.dll c:\windows\wiaserviv.log c:\windows\xpsp1hfm.log . ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 ))))))))))))))))))))))))))))))) . 2010-07-09 11:24 . 2010-07-09 11:24 -------- d-----w- c:\windows\LastGood 2010-07-08 11:32 . 2010-07-08 11:32 -------- d-----w- C:\rsit 2010-07-08 11:32 . 2010-07-08 11:32 -------- d-----w- c:\program files\trend micro 2010-07-08 01:08 . 2010-07-08 01:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2010-07-08 01:05 . 2010-07-08 01:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google 2010-06-16 02:41 . 2010-06-16 02:41 50354 ----a-w- c:\documents and settings\Ruthie\Application Data\Facebook\uninstall.exe 2010-06-16 02:41 . 2010-06-16 02:41 -------- d-----w- c:\documents and settings\Ruthie\Application Data\Facebook 2010-06-11 02:39 . 2010-07-02 02:44 -------- d-----w- c:\documents and settings\Ruthie\Local Settings\Application Data\Temp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-07-09 11:22 . 2010-02-09 03:29 -------- d-----w- c:\documents and settings\Ruthie\Application Data\LimeWire 2010-07-09 01:38 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys 2010-07-04 20:47 . 2009-05-02 23:27 -------- d-----w- c:\program files\Google 2010-06-19 05:21 . 2010-05-27 03:24 -------- d-----w- c:\documents and settings\Ruthie\Application Data\Skype 2010-06-19 04:02 . 2009-05-07 02:21 -------- d-----w- c:\documents and settings\Ruthie\Application Data\skypePM 2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Ruthie\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-05-27 03:24 . 2010-05-27 03:23 -------- d-----r- c:\program files\Skype 2010-05-27 03:23 . 2010-05-27 03:23 -------- d-----w- c:\program files\Common Files\Skype 2010-05-27 03:23 . 2009-01-04 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-05-27 00:10 . 2010-05-27 00:10 -------- d-----w- c:\program files\Alwil Software 2010-05-27 00:10 . 2010-05-27 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-05-24 01:21 . 2010-05-24 01:21 -------- d-----w- c:\documents and settings\Ruthie\Application Data\Malwarebytes 2010-05-24 01:21 . 2010-05-24 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-24 01:21 . 2010-05-24 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-24 01:04 . 2009-05-03 21:20 -------- d-----w- c:\documents and settings\Ruthie\Application Data\InstallShield 2010-05-24 00:58 . 2008-12-28 17:51 -------- d-----w- c:\program files\Dell 2010-05-24 00:58 . 2008-12-28 17:49 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-23 06:43 . 2009-05-03 21:24 69232 ----a-w- c:\documents and settings\Ruthie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-23 06:31 . 2009-01-29 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio 2010-05-23 06:31 . 2009-01-29 17:55 -------- d-----w- c:\program files\Common Files\Roxio Shared 2010-05-23 06:31 . 2008-12-28 20:24 -------- d-----w- c:\program files\Roxio 2010-05-23 06:31 . 2008-12-28 20:24 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-05-18 03:27 . 2009-02-01 03:27 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-12 07:02 . 2009-01-31 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-06 20:59 . 2010-05-27 00:11 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-05-06 20:59 . 2010-05-27 00:11 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-05-06 20:39 . 2010-05-27 00:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-05-06 20:39 . 2010-05-27 00:11 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-05-06 20:34 . 2010-05-27 00:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-05-06 20:33 . 2010-05-27 00:11 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-05-06 20:33 . 2010-05-27 00:11 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-05-06 20:33 . 2010-05-27 00:11 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-05-06 20:33 . 2010-05-27 00:11 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-04-14 19:37 . 2009-11-21 17:43 79488 ----a-w- c:\documents and settings\Ruthie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2008-12-28 19:35 . 2008-12-28 19:35 76 --sh--r- c:\windows\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2010-01-20 2166296] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] 2010-01-20 01:24 2166296 ----a-w- c:\program files\ToggleEN\tbTog1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2010-01-20 2166296] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2010-01-20 2166296] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-05-02 39408] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-28 137752] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-02 68592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI. exe" [2010-05-06 2815192] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Ruthie\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager] BootExecute REG_MULTI_SZ \0 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/26/2010 8:11 PM 164048] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [5/26/2010 8:11 PM 19024] S2 gupdate1cafd4c1bd62ea6;Google Update Service (gupdate1cafd4c1bd62ea6);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 11:24 PM 133104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 03:24] 2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 03:24] 2010-07-09 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] 2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{43890C11-C779-4163-B824-74195331E49D}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543 uInternet Settings,ProxyServer = http=127.0.0.1:5577 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll FF - ProfilePath - c:\documents and settings\Ruthie\Application Data\Mozilla\Firefox\Profiles\7ukbz04z.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\Ruthie\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Ruthie\Application Data\Mozilla\Firefox\Profiles\7ukbz04z.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\Ruthie\Application Data\Mozilla\Firefox\Profiles\7ukbz04z.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.d ll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-ares - c:\program files\Ares\Ares.exe HKCU-Run-noaurhep - c:\documents and settings\Ruthie\Local Settings\Application Data\jjfysrjfy\xhxsxrltssd.exe SafeBoot-klmdb.sys ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-09 07:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(860) c:\windows\System32\BCMLogon.dll . Completion time: 2010-07-09 07:43:14 ComboFix-quarantined-files.txt 2010-07-09 11:43 Pre-Run: 189,346,062,336 bytes free Post-Run: 195,368,738,816 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 58744B84D9ACBD7A631043D5B309FD42 |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Security Suite | KFuhr | Malware Removal | 10 | August 20th, 2010 06:40 PM |
AV Security Suite & other Malware Help | ates | Malware Removal | 22 | July 25th, 2010 12:43 AM |
AV Security Suite | oasis.g | Malware Removal | 5 | July 15th, 2010 02:17 AM |
Security Suite | Shalimarp3 | Windows XP | 2 | December 30th, 2006 05:31 AM |
CA Security Suite | sarah0chap | Applications | 0 | November 10th, 2006 06:22 AM |
All times are GMT +1. The time now is 11:16 PM.