Author Topic: [Resolved] Bloodhound quarantined constantly  (Read 6037 times)

Offline adf1962

  • Bronze Member
  • Posts: 67
[Resolved] Bloodhound quarantined constantly
« on: June 03, 2009, 05:57:22 PM »
My Symantec keeps telling me about once a day after a scheduled scan that it finds the Bloodhound virus in my C:\Windows\temp folder and then sends to Quarantine because no further action can be done.  Similarly, it does the same with a PDF called inocs(1).pdf located in my Temporary Internet Files folder in Local Settings.

I don't think anything is really wrong, I just don't like seeing it all the time and would like to get rid of it.  I ran Malware bytes but it says it can't find anything.  I also have Spybot.

Here's my HJT log, thanks in advance . . .

Logfile of Trend Micro HijackThis v2.0.2                                                                                                                                  
Scan saved at 7:45:40 PM, on 6/3/2009                                                                                                                                    
Platform: Windows XP SP3 (WinNT 5.01.2600)                                                                                                                                
MSIE: Internet Explorer v7.00 (7.00.6000.16827)                                                                                                                          
Boot mode: Normal                                                                                                                                                        
                                                                                                                                                                          
Running processes:                                                                                                                                                        
C:\WINDOWS\System32\smss.exe                                                                                                                                              
C:\WINDOWS\system32\winlogon.exe                                                                                                                                          
C:\WINDOWS\system32\services.exe                                                                                                                                          
C:\WINDOWS\system32\lsass.exe                                                                                                                                            
C:\WINDOWS\system32\Ati2evxx.exe                                                                                                                                          
C:\WINDOWS\system32\svchost.exe                                                                                                                                          
C:\WINDOWS\System32\svchost.exe                                                                                                                                          
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe                                                                                                                
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe                                                                                                                
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe                                                                                                          
C:\WINDOWS\system32\spoolsv.exe                                                                                                                                          
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe                                                                                
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe                                                                                                                                
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe                                                                                                                                
C:\Program Files\Symantec AntiVirus\DefWatch.exe                                                                                                                          
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE                                                                                                          
C:\WINDOWS\Explorer.EXE                                                                                                                                                  
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe                                                                                                                      
C:\Program Files\Analog Devices\Core\smax4pnp.exe                                                                                                                        
C:\Program Files\QuickTime\QTTask.exe                                                                                                                                    
C:\Program Files\OpenVPN\bin\openvpn-gui.exe                                                                                                                              
C:\WINDOWS\system32\LVCOMSX.EXE                                                                                                                                          
C:\Program Files\Logitech\Video\LogiTray.exe                                                                                                                              
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe                                                                                                      
C:\WINDOWS\system32\svchost.exe                                                                                                                                          
C:\Program Files\Symantec AntiVirus\Rtvscan.exe                                                                                                                          
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe                                                                                                                      
C:\WINDOWS\system32\dla\tfswctrl.exe                                                                                                                                      
C:\Program Files\BellCanada\McciTrayApp.exe                                                                                                                              
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe                                                                                                              
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe                                                                                            
C:\Program Files\Logitech\Video\FxSvr2.exe                                                                                                                                
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe                                                                                                
C:\Program Files\Common Files\Symantec Shared\ccApp.exe                                                                                                                  
C:\PROGRA~1\SYMANT~1\VPTray.exe                                                                                                                                          
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe                                                                                                  
C:\WINDOWS\system32\ctfmon.exe                                                                                                                                            
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe                                                                                                                  
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe                                                                                                      
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe                                                                                            
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe                                                                                                  
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe                                                                                                                      
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe                                                                                                                          
C:\WINDOWS\system32\hpoipm07.exe                                                                                                                                          
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe                                                                                                              
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe                                                                                                              
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe                                                                                                  
C:\Program Files\iPod\bin\iPodService.exe                                                                                                                                
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe                                                                                                    
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe                                                                                                
C:\WINDOWS\system32\taskmgr.exe                                                                                                                                          
C:\Program Files\Internet Explorer\iexplore.exe                                                                                                                          
C:\WINDOWS\system32\sndvol32.exe                                                                                                                                          
C:\WINDOWS\system32\winlogon.exe                                                                                                                                          
C:\Program Files\Internet Explorer\iexplore.exe                                                                                                                          
C:\Program Files\Internet Explorer\iexplore.exe                                                                                                                          
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe                                                                                                                    
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe                                                                                                                  
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe                                                                                                                    
                                                                                                                                                                          
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/                                                                                    
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157                                                      
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896                                                    
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896                                                            
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157                                                            
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen                                          
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                                                          
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)                                                                                                  
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll        
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll                                      
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll                      
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll  
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll                          
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll                                          
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon                                                              
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe                                                                                        
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime                                                                                    
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe                                                                                              
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE                                                                                                              
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe                                                                                        
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe                                                                                      
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start                                                            
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup                                                                            
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"                                                                                    
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe                                                                                                              
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe                                                                                    
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe                                                                              
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"                                                                                              
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background                                      
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"                                                            
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"                                                                                      
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe                                                                                                                
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent                                              
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe                                                                          
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe                                                                                                            
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe                                                                            
O4 - HKCU\..\Run: [ISUSPM] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler                                                              
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Rosina')                                              
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Rosina')                        
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Rosina')            
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [A00F3AEF026.exe] C:\DOCUME~1\Rosina\LOCALS~1\Temp\_A00F3AEF026.exe (User 'Rosina')                      
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Rosina')
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe" (User 'Rosina')                
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')                                                            
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')                                                      
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe                                                              
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe                                          
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe                                    
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe                                            
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE                                                                            
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe                                                                            
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000                                                            
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll                                            
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll                          
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                                                                
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                        
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe                                                      
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe                                  
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe                                                            
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe                                          
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab                                                  
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204                              
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab                          
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab                                        
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab                
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab                                                      
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.us-resources.com/dwa7W.cab                                              
O17 - HKLM\System\CCS\Services\Tcpip\..\{9541D7A2-AEB9-4B63-8C25-CD1FB2433AF1}: NameServer = 192.168.2.1                                                                  
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll                          
O20 - AppInit_DLLs:                                                                                                                                                      
O23 - Service: AbelService - Unknown owner - C:\Program Files\AbelCam\AbelService.exe                                                                                    
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe                            
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe                                                      
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe                                                                              
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe                                      
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe                                  
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe                                
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe                            
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe                                
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe                                              
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe                                          
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe          
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe                                                                                      
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE                                                                            
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe                                                            
O23 - Service: Roxio UPnP Renderer 9 (roxio upnp renderer 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe                            
O23 - Service: Roxio Upnp Server 9 (roxio upnp server 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe                                  
O23 - Service: LiveShare P2P Server 9 (roxliveshare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe                      
O23 - Service: RoxMediaDB9 (roxmediadb9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe                                    
O23 - Service: Roxio Hard Drive Watcher 9 (roxwatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe                          
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe                                      
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe                                            
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe                                                                            
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe                              
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe                                    
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe                                                                
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe                            
                                                                                                                                                                          
--                                                                                                                                                                        
End of file - 14702 bytes                                                                                                            
« Last Edit: June 17, 2009, 05:18:03 AM by Maurice Naggar »
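Reading a HijackThis log by hand means pulling out the few entry shapes that deserve a second look before anything else: an O4 autorun launched from a Temp folder (like the `_A00F3AEF026.exe` entry under `LOCALS~1\Temp` above), O2/O9 browser hooks that point at `(no file)`, and O23 services with `Unknown owner`. The script below is an added example, not part of this thread or of HijackThis; it runs three such triage rules over constructed sample lines in HijackThis v2.0.2 format. The rules and the reason labels are my own choices, and a hit means "verify this entry", not a verdict of infection.

```python
"""Triage a HijackThis v2.0.2 log: flag entry shapes that usually deserve a
second look (autoruns from temp folders, orphaned browser hooks, services
with no recorded publisher). Added example; rules are the author's choice."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis format. The entry shapes mirror the log
# posted in the thread, so the Temp-folder Run entry is the one to catch.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [A00F3AEF026.exe] C:\DOCUME~1\Rosina\LOCALS~1\Temp\_A00F3AEF026.exe (User 'Rosina')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: AbelService - Unknown owner - C:\Program Files\AbelCam\AbelService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry line starts with its section code, e.g. "O4 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Shortest prefix ending in an executable-type extension, optional leading quote.
EXE_PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd|pif))',
                         re.IGNORECASE)
# Directories that legitimate startup entries almost never launch from.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # short stable label used for grouping and testing
    line: str    # the original log line, unchanged


def launched_path(o4_body: str) -> Optional[str]:
    """Return the program path an O4 entry launches, or None if not parseable."""
    # Registry form: HKLM\..\Run: [Name] <command> (User 'x')
    m = re.search(r"\] (?P<cmd>.*)$", o4_body)
    if m is None:
        # Global Startup form: Global Startup: name.lnk = <path>
        m = re.search(r"= (?P<cmd>.*)$", o4_body)
    if m is None:
        return None
    # Drop the per-user suffix HijackThis appends to HKUS entries.
    cmd = re.sub(r"\s+\(User '[^']*'\)\s*$", "", m.group("cmd"))
    p = EXE_PATH_RE.match(cmd)
    return p.group("path") if p else None


def triage(log_text: str) -> List[Finding]:
    """Apply the three rules to every entry line; non-entry lines are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # header, running-process list, blank or trailer line
        code, body = m.group("code"), m.group("body")
        if code in {"O2", "O3", "O9"} and body.endswith("(no file)"):
            findings.append(Finding(code, "orphaned-entry", line))
        elif code == "O4":
            path = launched_path(body)
            if path and TEMP_DIR_RE.search(path):
                findings.append(Finding(code, "autorun-from-temp", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service-unknown-owner", line))
    return findings


def reasons(log_text: str) -> Dict[str, int]:
    """Count findings per reason; a quick summary for a long log."""
    counts: Dict[str, int] = {}
    for f in triage(log_text):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
```

Feeding it the full log from the post (saved to a file and passed to `triage`) reproduces the reviewer's shortlist; anything it flags still has to be checked against the file on disk and its publisher.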

Offline Maurice Naggar

  • Malware Removal Staff
  • Gold Member
  • Posts: 1205
Re: Bloodhound quarantined constantly
« Reply #1 on: June 06, 2009, 07:37:41 AM »
Hello adf1962 and welcome to SpywareHammer forums,

I will assist you in looking for malware. Please follow my guidance.
You should be clearing your temporary internet files on a very regular basis. And certainly have your IE browser set to do it.
You can also use ATF Cleaner (see below) to do regular emptying of temp areas.

You have Spybot's "Tea Timer" active, which makes removal of malware much tougher while "it" is running.
Right click the Spybot Icon in the system tray (notification area).
  • If you have the new version 1.5, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident


If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done and reboot the system so the changes are in effect.

=
1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
    Trend Micro Damage Cleanup Engine
    • Create a brand new folder to copy these files to.
    • As an example: C:\DCE
    • Then open each of the zipped archive files and copy their contents to C:\DCE
    • Copy the file sysclean.com to the new folder C:\DCE as well.
    • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

      After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

    How To Use Compressed (Zipped) Folders in Windows XP
    Compress and uncompress files (zip files) in Vista
    « Last Edit: June 06, 2009, 07:41:12 AM by Maurice Naggar »
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline adf1962

    • Bronze Member
    • Posts: 67
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #2 on: June 06, 2009, 07:24:55 PM »
    Hi Maurice,

    Thanks for taking on the case.

    I have followed all your directions. I am stuck on downloading the Spyware Pattern Files from Trend Micro. If I use Firefox, the link to tma777.zip returns me to the same page . . . http://www.trendmicro.com/download/spywarepattern.asp . If I use IE7, the same link to tma777.zip takes me to http://www.trendmicro.com/download/ .

    Either way, I can't get the Spyware Pattern Files.

    Thanks,

    ADF

    Offline Maurice Naggar

    • Malware Removal Staff
    • Gold Member
    • Posts: 1205
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #3 on: June 07, 2009, 08:46:28 AM »
    As much as possible, use Internet Explorer.
    This is the link you need
    http://www.trendmicro.com/ftp/products/pattern/spyware/tma777.zip
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline adf1962

    • Bronze Member
    • Posts: 67
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #4 on: June 07, 2009, 11:48:42 PM »
    I got the tma777.zip.

    When I went to run sysclean.com, it said it couldn't find the SSAPIPTN.DA5 file, so it would not do the Spyware component. I ran the scan anyway; below are the results of 1) HijackThis and 2) the sysclean.log

    Logfile of Trend Micro HijackThis v2.0.2                                                                                                                                 
    Scan saved at 1:44:32 AM, on 6/8/2009                                                                                                                                     
    Platform: Windows XP SP3 (WinNT 5.01.2600)                                                                                                                               
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)                                                                                                                           
    Boot mode: Normal                                                                                                                                                         
                                                                                                                                                                             
    Running processes:                                                                                                                                                       
    C:\WINDOWS\System32\smss.exe                                                                                                                                             
    C:\WINDOWS\system32\winlogon.exe                                                                                                                                         
    C:\WINDOWS\system32\services.exe                                                                                                                                         
    C:\WINDOWS\system32\lsass.exe                                                                                                                                             
    C:\WINDOWS\system32\Ati2evxx.exe                                                                                                                                         
    C:\WINDOWS\system32\svchost.exe                                                                                                                                           
    C:\WINDOWS\System32\svchost.exe                                                                                                                                           
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe                                                                                                               
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe                                                                                                               
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe                                                                                                         
    C:\WINDOWS\system32\spoolsv.exe                                                                                                                                           
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe                                                                               
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe                                                                                                                               
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe                                                                                                                               
    C:\Program Files\Symantec AntiVirus\DefWatch.exe                                                                                                                         
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE                                                                                                           
    C:\WINDOWS\system32\svchost.exe                                                                                                                                           
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe                                                                                                                           
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe                                                                                                             
    C:\WINDOWS\Explorer.EXE                                                                                                                                                   
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe                                                                                                                     
    C:\Program Files\Analog Devices\Core\smax4pnp.exe                                                                                                                         
    C:\Program Files\QuickTime\QTTask.exe                                                                                                                                     
    C:\Program Files\OpenVPN\bin\openvpn-gui.exe                                                                                                                             
    C:\WINDOWS\system32\LVCOMSX.EXE                                                                                                                                           
    C:\Program Files\Logitech\Video\LogiTray.exe                                                                                                                             
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe                                                                                                       
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe                                                                                                                       
    C:\WINDOWS\system32\dla\tfswctrl.exe                                                                                                                                     
    C:\Program Files\BellCanada\McciTrayApp.exe                                                                                                                               
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe                                                                                           
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe                                                                                               
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe                                                                                                                   
    C:\PROGRA~1\SYMANT~1\VPTray.exe                                                                                                                                           
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe                                                                                                   
    C:\WINDOWS\system32\ctfmon.exe                                                                                                                                           
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe                                                                                                                   
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe                                                                                                     
    C:\Program Files\Logitech\Video\FxSvr2.exe                                                                                                                               
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe                                                                                             
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe                                                                                                                     
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe                                                                                                 
    C:\Program Files\iPod\bin\iPodService.exe                                                                                                                                 
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe                                                                                                   
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe                                                                                               
    C:\Program Files\Internet Explorer\iexplore.exe                                                                                                                           
    C:\WINDOWS\system32\taskmgr.exe                                                                                                                                           
    C:\Program Files\Internet Explorer\iexplore.exe                                                                                                                           
    C:\WINDOWS\system32\winlogon.exe                                                                                                                                         
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe                                                                                                                   
    C:\Software\DCE\sysclean.com                                                                                                                                             
    C:\Software\DCE\sysclean.exe                                                                                                                                             
    C:\WINDOWS\system32\rundll32.exe                                                                                                                                         
    C:\WINDOWS\system32\NOTEPAD.EXE                                                                                                                                           
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe                                                                                                                   
                                                                                                                                                                             
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/                                                                                   
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157                                                       
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896                                                     
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896                                                           
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157                                                             
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen                                         
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                                                           
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)                                                                                                 
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll         
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll                                       
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll                     
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll 
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll                           
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll                                         
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon                                                               
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe                                                                                         
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime                                                                                   
    O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe                                                                                             
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE                                                                                                               
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe                                                                                       
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe                                                                                       
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start                                                           
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup                                                                             
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"                                                                                     
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe                                                                                                             
    O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe                                                                                   
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe                                                                               
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"                                                                                               
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background                                       
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"                                                             
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"                                                                                       
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe                                                                                                               
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe                                                                           
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe                                                                                                             
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe                                                                             
    O4 - HKCU\..\Run: [ISUSPM] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler                                                             
    O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Rosina')                                               
    O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Rosina')                       
    O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Rosina')             
    O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [A00F3AEF026.exe] C:\DOCUME~1\Rosina\LOCALS~1\Temp\_A00F3AEF026.exe (User 'Rosina')                       
    O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Rosina')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')                                                             
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')                                                       
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe                                                             
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe                                           
    O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe                                     
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe                                             
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE                                                                           
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe                                                                           
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000                                                             
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll                                           
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll                           
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                                                                 
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll                         
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe                                                       
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe                                 
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe                                                             
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe                                           
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab                                                   
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204                             
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab                           
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab                                         
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab                 
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab                                                       
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.us-resources.com/dwa7W.cab                                             
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_12/PCAXSetupv2.0.0.12.cab?               
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9541D7A2-AEB9-4B63-8C25-CD1FB2433AF1}: NameServer = 192.168.2.1                                                                 
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll                         
    O20 - AppInit_DLLs:                                                                                                                                                       
    O23 - Service: AbelService - Unknown owner - C:\Program Files\AbelCam\AbelService.exe                                                                                     
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe                             
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe                                                     
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe                                                                               
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe                                     
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe                                   
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe                                 
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe                           
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe                                 
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe                                               
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe                                         
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe           
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe                                                                                     
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE                                                                             
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe                                                           
    O23 - Service: Roxio UPnP Renderer 9 (roxio upnp renderer 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe                             
    O23 - Service: Roxio Upnp Server 9 (roxio upnp server 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe                                 
    O23 - Service: LiveShare P2P Server 9 (roxliveshare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe                     
    O23 - Service: RoxMediaDB9 (roxmediadb9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe                                     
    O23 - Service: Roxio Hard Drive Watcher 9 (roxwatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe                         
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe                                       
    O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe                                           
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe                                                                             
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe                             
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe                                     
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe                                                               
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe                             
                                                                                                                                                                             
    --                                                                                                                                                                       
    End of file - 14286 bytes

    /--------------------------------------------------------------\
    |                  Trend Micro System Cleaner                  |
    |            Copyright 2006-2007, Trend Micro, Inc.            |
    |                   http://www.antivirus.com                   |
    \--------------------------------------------------------------/


    2009-06-07, 23:57:00,   Auto-clean mode specified.
    2009-06-07, 23:57:00,   Initialized Rootkit Driver version 1.6.0.1059.
    2009-06-07, 23:57:00,   Running scanner "C:\Software\DCE\TSC.BIN"...
    2009-06-07, 23:57:46,   Scanner "C:\Software\DCE\TSC.BIN" has finished running.
    2009-06-07, 23:57:46,   TSC Log:

    Damage Cleanup Engine (DCE)  6.0(Build 1172)

    Windows XP(Build 2600: Service Pack 3)

    Start time : Sun Jun 07 2009 23:57:02

    Load Damage Cleanup Template (DCT) "C:\Software\DCE\TMRDCT.ptn" (version ) [fail]
    Load Damage Cleanup Template (DCT) "C:\Software\DCE\tsc.ptn" (version 1040) [success]

    Complete time : Sun Jun 07 2009 23:57:46

    Execute pattern count(3057), Virus found count(0), Virus clean count(0), Clean failed count(0)

    2009-06-07, 23:57:46,   Running scanner "C:\Software\DCE\VSCANTM.BIN"...
    2009-06-08, 01:41:33,   Scanner "C:\Software\DCE\VSCANTM.BIN" has finished running.
    2009-06-08, 01:41:33,   VSCANTM Log:

    2009-06-08, 01:41:33,   Files Detected:
    Copyright (c) 1990 - 2006 Trend Micro Inc.
    Report Date : 6/7/2009 23:57:46
    VSAPI Engine Version : 8.950-1092
    VSCANTM Version : 3.00-1018 (Official Build)

    VSGetVirusPatternInformation is invoked
     
    Virus Pattern Version : 175 (413380/413380 Patterns) (2009/06/05) (617500)

    Command Line: C:\Software\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Software\DCE\lpt$vpn.175

    173772 files have been read.
    173772 files have been check

    Offline Maurice Naggar

    • Malware Removal Staff
    • Gold Member
    • Posts: 1205
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #5 on: June 10, 2009, 07:08:53 AM »
    I'd like to have you run an online scan at Kaspersky; but first some preliminaries.

    Right click the Spybot Icon in the system tray (notification area).
    • If you have the new version 1.5, click once on Resident Protection and make sure it is Unchecked.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident


    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.

    I'm going to have you follow up to ensure Tea Timer is not auto-started & to also not have Adobe Reader auto-start.
    Tea Timer can (and does) get in the way of cleanup attempts.

    Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present
    Quote
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Click on Fix Checked when finished and exit HijackThis.
    Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

    Now, Logoff and Restart the system for a fresh start.


    Next, Scan the system with the Kaspersky Online Scanner
    http://www.kaspersky.com/virusscanner

    Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

    During this run, make sure your browser does not block popup windows.  Have patience while some screens populate.

    1) Click the Kaspersky Online Scanner button.  You'll see a popup window.
    2) Accept the agreement
    3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )
    4) For XP SP2-SP3, click the Install button when prompted
    5) The necessary files will be downloaded and installed. Please have plenty of patience.
    6) After Kaspersky AntiVirus Database is updated,  look at the Scan box.
    7) Click the My Computer line
    8) Be infinitely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malware

    9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

    ( To see an animated tutorial-how-to on the scan, see >>this link<<)

    Re-enable your antivirus program after Kaspersky has finished.
    Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

    Do not be alarmed if Kaspersky tags items that are already in quarantine.
    Kaspersky is a report only and does not remove files.


    Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    Post back with copies of the Kaspersky.txt report
    Log.txt
    Info.txt.
    How is your system now?

    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline adf1962

    • Bronze Member
    • Posts: 67
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #6 on: June 10, 2009, 11:18:35 PM »
    Hi Maurice,

    I'm posting the results in 3 parts because combined reports exceed the size for posting.

    KASPERSKY REPORT
    ============

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
     Thursday, June 11, 2009
     Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner  version: 7.0.26.13
     Program database last update: Thursday, June 11, 2009 02:51:48
     Records in database: 2335992
    --------------------------------------------------------------------------------

    Scan settings:
       Scan using the following database: extended
       Scan archives: yes
       Scan mail databases: yes

    Scan area - My Computer:
       A:\
       C:\
       D:\
       E:\

    Scan statistics:
       Files scanned: 180271
       Threat name: 12
       Infected objects: 23
       Suspicious objects: 0
       Duration of the scan: 03:20:44


    File name / Threat name / Threats count
    C:\D\FROM_C\Downloads\xolox13.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
    C:\D\FROM_C\Downloads\xolox13.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   2
    C:\D\FROM_C\Downloads\xolox13.exe   Infected: not-a-virus:AdWare.Win32.SaveNow   1
    C:\D\FROM_C\Downloads\xolox131b.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
    C:\D\FROM_C\Downloads\xolox131b.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   2
    C:\D\FROM_C\Downloads\xolox131b.exe   Infected: not-a-virus:AdWare.Win32.SaveNow   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\.ttA.tmp.vbs.bac_a01332   Infected: Backdoor.Win32.Frauder.eo   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\.ttB.tmp.vbs.bac_a01332   Infected: Backdoor.Win32.Frauder.eo   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\.ttC.tmp.vbs.bac_a01252   Infected: Backdoor.Win32.Frauder.eo   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\.ttD.tmp.vbs.bac_a01332   Infected: Backdoor.Win32.Frauder.eo   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\blphc3nvj0eca3.scr.bac_a01252   Infected: Trojan.Win32.FraudPack.ijv   1
    C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ࡢttA.tmp.vbs.bac_a01332   Infected: Backdoor.Win32.Frauder.eo   1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA80000\4FBCBBA6.VBN   Infected: Exploit.Win32.Pidief.ayl   1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA80001\4FBCBBCC.VBN   Infected: Trojan.Win32.Inject.aaoh   1
    C:\Documents and Settings\Tony\Application Data\Thunderbird\Profiles\lproy0c7.default\Mail\Local Folders\Sent   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110   1
    C:\Documents and Settings\Tony\Application Data\Thunderbird\Profiles\lproy0c7.default\Mail\Local Folders\Sent   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4   1
    C:\Software\Utilities\gencontrol.exe   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b   1
    C:\Software\Utilities\PsTools\pskill.exe   Infected: not-a-virus:RiskTool.Win32.PsKill.k   1
    C:\Software\Utilities\PsTools\psshutdown.exe   Infected: not-a-virus:RiskTool.Win32.PsKill.au   1
    C:\Software\vnc-4_1_1-x86_win32.exe   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110   1
    C:\Software\vnc-4_1_1-x86_win32.exe   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4   1

    The selected area was scanned.
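The helper's note above makes two points about this report: Kaspersky only reports, and hits inside another product's quarantine are expected. The following is an added example (not from the thread, and not Kaspersky's own tooling) that parses the report layout posted above and sorts each detection into already-quarantined, not-a-virus riskware, or live; the detection lines are taken from the report above except the EXAMPLE-dropper.exe line, which is a constructed placeholder to exercise the "active" category.

```python
"""Triage a Kaspersky Online Scanner 7.0 report: separate hits that sit in
another product's quarantine (already contained) and not-a-virus riskware
(admin tools such as PsTools and VNC) from detections that still need action.
Added example, not part of the thread."""
import re
from collections import OrderedDict

# Constructed sample in the report's own layout: <path>   Infected: <threat>   <count>
# All lines but EXAMPLE-dropper.exe are copied from the report posted in the thread.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\D\FROM_C\Downloads\xolox13.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.e   1
C:\D\FROM_C\Downloads\xolox13.exe   Infected: not-a-virus:AdWare.Win32.SaveNow.bl   2
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\.ttA.tmp.vbs.bac_a01332   Infected: Backdoor.Win32.Frauder.eo   1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA80000\4FBCBBA6.VBN   Infected: Exploit.Win32.Pidief.ayl   1
C:\Software\Utilities\PsTools\pskill.exe   Infected: not-a-virus:RiskTool.Win32.PsKill.k   1
C:\Software\vnc-4_1_1-x86_win32.exe   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4   1
C:\Documents and Settings\Tony\Local Settings\Temp\EXAMPLE-dropper.exe   Infected: Trojan.Win32.Inject.aaoh   1

The selected area was scanned.
"""

# One detection line: a path (which may contain single spaces), the literal
# "Infected:", the threat name, and a count.  Columns are separated by runs
# of at least two spaces, which is how the report keeps paths unambiguous.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Path fragments that mark another product's quarantine store.  Both the
# Symantec VBN folder and HouseCall's .housecall6.6\Quarantine appear above.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\.housecall")


def parse_report(text):
    """Return (path, threat, count) for every detection line in the report."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return found


def classify(path, threat):
    """Sort one detection into quarantined / riskware / active."""
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantined"   # already contained by another product; nothing to do
    if threat.startswith("not-a-virus:"):
        return "riskware"      # legitimate tool or adware bundle; confirm it was installed on purpose
    return "active"            # live detection outside any quarantine; needs removal


def triage(text):
    """Group unique file paths by category, keeping report order within each group."""
    groups = OrderedDict((k, []) for k in ("active", "riskware", "quarantined"))
    for path, threat, _count in parse_report(text):
        cat = classify(path, threat)
        if path not in groups[cat]:          # one file can carry several threat names
            groups[cat].append(path)
    return groups


def summarize(text):
    """Human-readable triage summary: one header line per category, then its files."""
    lines = []
    for cat, paths in triage(text).items():
        lines.append(f"{cat}: {len(paths)} file(s)")
        lines.extend(f"    {p}" for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```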

    Offline adf1962

    • Bronze Member
    • Posts: 67
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #7 on: June 10, 2009, 11:20:01 PM »
    Part 2  . . .RSIT LOG.TXT REPORT

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Tony at 2009-06-11 01:12:08
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 58 GB (38%) free of 153 GB
    Total RAM: 1022 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:12:31 AM, on 6/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BellCanada\McciTrayApp.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Software\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Tony.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1244683491_a87b4e3cc5f52f538b3022dcef56ca7e&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.us-resources.com/dwa7W.cab
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_12/PCAXSetupv2.0.0.12.cab?
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9541D7A2-AEB9-4B63-8C25-CD1FB2433AF1}: NameServer = 192.168.2.1
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: 
    O23 - Service: AbelService - Unknown owner - C:\Program Files\AbelCam\AbelService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Roxio UPnP Renderer 9 (roxio upnp renderer 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 (roxio upnp server 9) - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (roxliveshare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 (roxmediadb9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (roxwatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 14086 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
    C:\WINDOWS\tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6f74-2d53-2644-206d7942484f}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-10 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Google Web Accelerator - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [2006-12-14 237568]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpeedTouch USB Diagnostics"=C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2002-05-03 4341760]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
    "openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2009-03-09 104696]
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "BellCanada_McciTrayApp"=C:\Program Files\BellCanada\McciTrayApp.exe [2007-08-09 930816]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-31 344064]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
    "BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-06-05 615696]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-10 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-05 68856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Event Planner Reminder.lnk - C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    HPAiODevice(hp psc 900 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\navlogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableProfileQuota"=1
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
    "C:\Program Files\Alchemy Mindworks\GIF Construction Set Professional\ALCHUDDL.EXE"="C:\Program Files\Alchemy Mindworks\GIF Construction Set Professional\ALCHUDDL.EXE:*:Disabled:ALCHUDDL"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Software AG\Entire Connection\v431\PccServer.exe"="C:\Program Files\Software AG\Entire Connection\v431\PccServer.exe:*:Enabled:Entire Connection"
    "C:\Program Files\LogiSphere\LogiSphere.exe"="C:\Program Files\LogiSphere\LogiSphere.exe:*:Enabled:LogiSphere"
    "C:\Program Files\Look@LAN\LookAtHost.exe"="C:\Program Files\Look@LAN\LookAtHost.exe:*:Disabled:Look@HOST"
    "C:\Program Files\Look@LAN\LookAtLan.exe"="C:\Program Files\Look@LAN\LookAtLan.exe:*:Disabled:Look@LAN"
    "C:\Program Files\AbelCam\AbelCam.exe"="C:\Program Files\AbelCam\AbelCam.exe:*:Enabled:AbelCam"
    "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus"
    "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui"
    "C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Disabled:Second Life"
    "C:\Program Files\NewsBin\nbpro.exe"="C:\Program Files\NewsBin\nbpro.exe:*:Enabled:Newsbin"
    "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Documents and Settings\Tony\Local Settings\temp\7zSB.tmp\SymNRT.exe"="C:\Documents and Settings\Tony\Local Settings\temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\kioskviewer\bin\kioskmain.exe


    ======List of files/folders created in the last 1 months======

    2009-06-11 01:12:08 ----D---- C:\rsit
    2009-06-10 21:23:50 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-06-10 21:23:50 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-06-10 21:23:50 ----A---- C:\WINDOWS\system32\java.exe
    2009-06-10 21:23:50 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-05-20 23:23:17 ----A---- C:\WINDOWS\system32\al.txt
    2009-05-20 22:35:59 ----A---- C:\WINDOWS\system32\r24.txt
    2009-05-20 22:35:59 ----A---- C:\WINDOWS\system32\p1.txt
    2009-05-20 22:35:59 ----A---- C:\WINDOWS\system32\dz1.txt
    2009-05-16 23:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Musicnotes
    2009-05-14 23:42:32 ----D---- C:\Program Files\MSECache

    ======List of files/folders modified in the last 1 months======

    2009-06-11 01:11:51 ----D---- C:\WINDOWS\Prefetch
    2009-06-11 01:11:34 ----AD---- C:\Software
    2009-06-11 01:10:27 ----D---- C:\Program Files\Symantec AntiVirus
    2009-06-10 21:24:08 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-10 21:24:07 ----SHD---- C:\WINDOWS\Installer
    2009-06-10 21:23:54 ----D---- C:\Config.Msi
    2009-06-10 21:23:52 ----D---- C:\WINDOWS\temp
    2009-06-10 21:23:50 ----D---- C:\WINDOWS\system32
    2009-06-10 21:23:32 ----D---- C:\Program Files\Java
    2009-06-10 21:22:25 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-10 21:17:59 ----D---- C:\WINDOWS
    2009-06-10 20:12:53 ----SD---- C:\WINDOWS\Tasks
    2009-06-10 20:11:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-10 18:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-06-10 17:08:56 ----HD---- C:\WINDOWS\inf
    2009-06-10 17:06:55 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-09 19:55:15 ----D---- C:\WINDOWS\system32\drivers
    2009-06-09 19:55:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-06-09 19:53:58 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-06-09 19:53:43 ----D---- C:\WINDOWS\WinSxS
    2009-06-07 20:25:37 ----AD---- C:\Digital
    2009-06-07 18:48:18 ----D---- C:\Program Files\Mozilla Firefox
    2009-06-03 06:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-02 19:30:05 ----D---- C:\Tony
    2009-06-02 19:29:38 ----D---- C:\WINDOWS\Debug
    2009-05-30 00:14:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-25 07:38:09 ----D---- C:\Program Files\MSN Messenger
    2009-05-20 23:51:28 ----RD---- C:\Program Files
    2009-05-20 23:45:31 ----D---- C:\WINDOWS\system32\wbem
    2009-05-14 23:43:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-05-14 23:43:20 ----RSD---- C:\WINDOWS\Fonts
    2009-05-14 23:43:15 ----D---- C:\Program Files\Microsoft Office
    2009-05-14 23:31:34 ----SHD---- C:\RECYCLER

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-01 1198080]
    R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-01 132608]
    R3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
    R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
    R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport; C:\WINDOWS\system32\DRIVERS\enetnt.sys [2003-03-27 40832]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2008-01-15 15664]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090609.022\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090609.022\navex15.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-03-09 25216]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 ENDETECT;ENDETECT; \??\C:\PROGRA~1\Bell\ACCESS~1\app\ENDETECT.SYS []
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
    S3 NTSTPL1;NTSTPL1; \??\C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL1.SYS []
    S3 NTSTPL2;NTSTPL2; \??\C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL2.SYS []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 RAWESR;RAWESR; \??\C:\PROGRA~1\Bell\ACCESS~1\app\RAWESR.SYS []
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
    S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2005-05-24 23552]
    S3 TAPBIND;TAPBIND; \??\C:\PROGRA~1\Bell\ACCESS~1\app\TAPBIND1.SYS []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-01 368640]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
    R2 DB2JDS;DB2 JDBC Applet Server; C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe [2005-05-27 188416]
    R2 DB2NTSECSERVER;DB2 Security Server; C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe [2005-04-24 13864]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-10 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 roxwatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
    R3 roxmediadb9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
    S2 roxio upnp server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
    S2 roxliveshare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840]
    S3 AbelService;AbelService; C:\Program Files\AbelCam\AbelService.exe [2007-02-25 81920]
    S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 DynDNS_Updater_Service;DynDNS Updater Service; C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 1352704]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-03-09 15872]
    S3 roxio upnp renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
    S3 sasrfcService;sasrfc Service; C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe [2001-01-30 41984]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

    -----------------EOF-----------------
    Offline adf1962

    • Bronze Member
    • Posts: 67
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #8 on: June 10, 2009, 11:25:00 PM »
    Part 3 . . . RSIT INFO.TXT REPORT
    info.txt logfile of random's system information tool 1.06 2009-06-11 01:12:36

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->MsiExec.exe /X{8548A86C-3FCE-4019-88EE-A52820207988}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3ivx MPEG-4 5.0 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0 Decoder\uninstall.exe"
    AbelCam-->MsiExec.exe /I{9E13A3DB-DFEC-4F4A-940F-C53B643C45B0}
    Access Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F63BF3C0-D774-11D5-9241-444553540000}\setup.exe"  -AUNINSTALL_ONLY
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Alcatel SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
    Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
    AVS Video to GO-->"C:\Program Files\AVS4YOU\AVSVideotoGO\unins000.exe"
    AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    Azureus-->C:\Program Files\Azureus\Uninstall.exe
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    BitTornado 0.3.7-->C:\Program Files\BitTornado\uninst.exe
    BlackBerry Desktop Software 4.7-->MsiExec.exe /I{51D7494B-6C54-468F-98E1-1A9997C89329}
    BlackBerry Desktop Software 4.7-->MsiExec.exe /i{51D7494B-6C54-468F-98E1-1A9997C89329}
    BlackBerry Web Tool for DST 2007 Device Updates-->MsiExec.exe /X{45B914D8-DE1C-4004-9B47-13E013841739}
    Bridge Building Game-->C:\Program Files\Bridge Building Game\uninstall.exe
    Broadcom Advanced Control Suite-->MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
    Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Clifford Learning Activities-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\_UnInstall.dll"
    Cognos Series 7 Version 3-->"C:\Program Files\Common Files\Cognos Shared\cer4\Uninstall\uninst.exe" -u "C:\Program Files\Common Files\Cognos Shared\cer4\Uninstall\uninst.ini"
    Cognos Windows Common Logon Server-->"C:\Program Files\Common Files\Cognos Shared\commonlogon\Uninstall\uninst.exe" -u "C:\Program Files\Common Files\Cognos Shared\commonlogon\Uninstall\uninst.ini"
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Data Doctor Recovery Digital Camera (Demo)-->C:\Program Files\Data Doctor Recovery Digital Camera (Demo)\Uninstall.exe
    DB2 Administration Client-->MsiExec.exe /I{ABD23811-AA8F-416B-9EF6-E54D62F21A49}
    Disney Mix Central-->MsiExec.exe /X{A84EB063-10A9-49D5-B64F-EB1192E7EA6F}
    Disney Mix-It Plug-in and Windows Media Player Skin-->MsiExec.exe /X{E18BCEBF-805F-4D20-BFE2-103BCBFF3C96}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DynDNS Updater 3.1-->"C:\Program Files\DynDNS Updater\unins000.exe"
    Express Burn Uninstall-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
    Express Rip Uninstall-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
    FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
    FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
    Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
    Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    FreshUI-->"C:\Program Files\FreshDevices\FreshUI\unins000.exe"
    GIF Construction Set Professional-->C:\WINDOWS\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\GIF Construction Set Professional\INSTALLD.TXT
    GIMPshop .1 beta-->C:\Program Files\GIMPshop\bin\uninst.exe
    Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google SketchUp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Google Web Accelerator-->MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
    Hallmark Card Studio 2006-->MsiExec.exe /X{192C6FB8-40B8-4910-BE8C-5EE77FACF08D}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    hp psc 900 series-->C:\WINDOWS\system32\hpocon09.exe /u 1144468961 /d "hp psc 900 series"
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    Internet Check-Up-->C:\Program Files\BellCanada\bcunwise.exe
    iPod for Windows 2005-02-22-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
    Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Juice 2.2-->C:\Program Files\Juice\uninst.exe
    Languages of the World V4 Disk 1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC717589-84C8-43BA-8905-96075A8C9671}\Setup.exe" -l0x9
    Languages of the World V4 Disk 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281A55FF-D23F-4E57-9758-CB2F211484ED}\setup.exe"
    LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LogiSphere-->MsiExec.exe /I{A4E3B6CA-6062-474F-88F5-CDF4540F2A92}
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
    Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9  -removeonly
    Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
    Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Look@LAN 2.50 Build 29-->C:\WINDOWS\iun6002.exe "C:\Program Files\Look@LAN\irunin.ini"
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MIKSOFT Mobile 3GP converter-->"C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (1.0)-->C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (en)"
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    MSXML4SP2-->MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
    Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
    muvee Plugin 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}\setup.exe" -l0x9
    NewsBin Pro V5-->C:\Program Files\NewsBin\uninst.exe
    Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
    Note ID 2.7-->C:\Kba_Music\unins000.exe
    NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\Uninstal.exe
    Open RegEdit-->"C:\WINDOWS\Open RegEdit\uninstall.exe" "/U:C:\Program Files\Open RegEdit\irunin.xml"
    OpenVPN-->C:\Program Files\OpenVPN\Uninstall.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x9
    Photo Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}\Setup.exe"
    PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
    PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
    PuTTY version 0.57-->"C:\Program Files\PuTTY\unins000.exe"
    QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
    RecordPad Sound Recorder Uninstall-->C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
    Roxio Media Manager-->MsiExec.exe /X{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}
    SAS ODBC Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SAS Institute\ODBC\Uninst.isu" -c"C:\Program Files\SAS Institute\ODBC\_UNODBC.DLL"
    SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Soap 3.0 Toolkit-->MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
    Software AG Entire Connection 4.3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{ECCD4AE3-C161-433D-8FB1-94472F8D8F81} /l1033
    Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPER © Version 2008.bld.24 (Jan 18, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Switch Uninstall-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
    The SAS System V8-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SAS Institute\SAS\V8\UNINSTAL.ISU" -c"C:\Program Files\SAS Institute\SAS\V8\uninst.dll"
    Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    Type3045 TWAIN Driver Ver.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58906F7D-268F-416E-AF25-E240739F3BFC}\setup.exe" -l0x9 DRIVER_UNINSTALL
    UFile 2007-->MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
    UFile 2008-->MsiExec.exe /X{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}
    UFile Updater 2007-->MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
    UFile Updater 2008-->MsiExec.exe /X{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}
    Ulead VideoStudio 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Zwei-Stein Video Compositor 3.01 (Beta 2).-->"C:\Program Files\Thugs at Bay\Zwei-Stein\unins000.exe"

    =====HijackThis Backups=====

    O4 - HKCU\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe" [2008-07-30]
    O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe" [2008-07-30]
    O15 - Trusted Zone: *.sxload.net (HKLM) [2008-07-30]
    O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Tony\LOCALS~1\Temp\prun.exe" [2009-04-02]
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-06-10]
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2009-06-10]

    ======Hosts File======

    127.0.0.1 localhost
    127.0.0.1   www.007guard.com
    127.0.0.1   007guard.com
    127.0.0.1   010402.com
    127.0.0.1   www.032439.com
    127.0.0.1   032439.com
    127.0.0.1   www.0scan.com
    127.0.0.1   0scan.com
    127.0.0.1   100888290cs.com
    127.0.0.1   www.100888290cs.com

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition

    ======System event log======

    Computer Name: DIFELICE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

    Record Number: 23299
    Source Name: Disk
    Time Written: 20090422054700.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

    Record Number: 23298
    Source Name: Disk
    Time Written: 20090422054700.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

    Record Number: 23297
    Source Name: Disk
    Time Written: 20090422054700.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

    Record Number: 23296
    Source Name: Disk
    Time Written: 20090422054700.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

    Record Number: 23295
    Source Name: Disk
    Time Written: 20090422054700.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: DIFELICE
    Event Code: 6
    Message: Could not scan 1 files inside C:\Software\office\FILES\OSP\1033\IE5\EN\JAAIME.CAB due to extraction errors encountered by the Decomposer Engines.

    Record Number: 10140
    Source Name: Symantec AntiVirus
    Time Written: 20090517041806.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 6
    Message: Could not scan 1 files inside C:\Software\office\FILES\OSP\1033\IE5\EN\IE_S3.CAB due to extraction errors encountered by the Decomposer Engines.

    Record Number: 10139
    Source Name: Symantec AntiVirus
    Time Written: 20090517041806.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 6
    Message: Could not scan 1 files inside C:\Software\office\FILES\OSP\1033\IE5\EN\IE_S2.CAB due to extraction errors encountered by the Decomposer Engines.

    Record Number: 10138
    Source Name: Symantec AntiVirus
    Time Written: 20090517041805.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 6
    Message: Could not scan 1 files inside C:\Software\office\FILES\OSP\1033\IE5\EN\IE_S1.CAB due to extraction errors encountered by the Decomposer Engines.

    Record Number: 10137
    Source Name: Symantec AntiVirus
    Time Written: 20090517041805.000000-240
    Event Type: warning
    User:

    Computer Name: DIFELICE
    Event Code: 6
    Message: Could not scan 1 files inside C:\Software\office\FILES\OSP\1033\IE5\EN\IENT_S4.CAB due to extraction errors encountered by the Decomposer Engines.

    Record Number: 10136
    Source Name: Symantec AntiVirus
    Time Written: 20090517041805.000000-240
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\IBM\SQLLIB\BIN;C:\PROGRA~1\IBM\SQLLIB\FUNCTION;C:\PROGRA~1\IBM\SQLLIB\SAMPLES\REPL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    "PROCESSOR_REVISION"=0403
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "INCLUDE"=C:\PROGRA~1\IBM\SQLLIB\INCLUDE;C:\PROGRA~1\IBM\SQLLIB\LIB
    "LIB"=;C:\PROGRA~1\IBM\SQLLIB\LIB
    "DB2TEMPDIR"=C:\PROGRA~1\IBM\SQLLIB\
    "CLASSPATH"=.;C:\PROGRA~1\IBM\SQLLIB\java\db2java.zip;C:\PROGRA~1\IBM\SQLLIB\java\db2jcc.jar;C:\PROGRA~1\IBM\SQLLIB\java\db2jcc_license_cu.jar;C:\PROGRA~1\IBM\SQLLIB\bin;C:\PROGRA~1\IBM\SQLLIB\java\common.jar;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    "DB2INSTANCE"=DB2
    "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

    Offline Maurice Naggar

    • Malware Removal Staff
    • Gold Member
    • Posts: 1205
    Re: [In Progress]Bloodhound quarantined constantly
    « Reply #9 on: June 11, 2009, 09:04:14 AM »
    There are a few files tagged by Kaspersky as "adwares" that you should likely delete.
    They are
    C:\D\FROM_C\Downloads\xolox13.exe
    C:\D\FROM_C\Downloads\xolox131b.exe

    =


    Download OTListIt by OldTimer from here and SAVE to your Desktop

    • Please double-click OTL.exe on the Desktop to run it.
      Note:
      If you are running on Vista, right-click on the file and choose Run As Administrator.

    • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]




      • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

      • Close any browser(s) windows that may be open.
      • Using your mouse, click on the red-lettered button Run Fix.
      • Once you see a message box "Fix complete! Click OK to open the fix log."

      Click the OK button
      • The log will open in Notepad (your default text editor).
      • Save the log. Post a copy of that log in your next reply.
      Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
      If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

      =
      I'm going to have you get and run two utilities.
      The first stops automatic use of the AutoRun feature of XP. The second will write to any connected devices a Read-only, System protected Autorun.inf file on all of your hard drives, and all connected removable storage devices.

      Download and Install Microsoft's TweakUI:
      http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
      Obtain and install TweakUI (part of the PowerToys for Windows XP package), and then start TweakUI.
      Expand the My Computer branch, then the AutoPlay branch, and then select Drives.
      Turn off the checkbox next to every drive letter to disable AutoPlay -- except your CD/DVD drive letters.

      Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
      http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
      There is no GUI interface or log file produced.



      Start your MBAM.
      Click the Settings Tab. Make sure all option lines have a checkmark.
      Click the Update tab. Press the "Check for Updates" button.
      The latest program version is 1.37 (released May 26)

      When done, click the Scanner tab.
      Do a Quick Scan.

      When the scan is complete, click OK, then Show Results to view the results.
      Make sure that everything is checked, and click Remove Selected.
      When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

      =
      Reply with copy of the OTL Movedfiles log (from above)
      the latest MBAM scan log
      and tell me, if the "bloodhound" issue is still around?
      ~Maurice Naggar
      MS-MVP (October 2002 - September 2010)
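
The two controls Maurice describes above (stop Windows from acting on Autorun.inf, and occupy the Autorun.inf name on each volume so a dropper cannot create its own) written out as an added Python example for this thread; it is neither TweakUI's nor Flash Disinfector's code. It sets the by-drive-type policy value NoDriveTypeAutoRun under HKLM\...\Policies\Explorer (rather than TweakUI's per-letter checkboxes) and builds the mask Maurice's instructions imply: everything off except CD/DVD. The installed-updates list earlier in this log shows KB967715, the XP update that makes this policy honoured for removable media; before it the registry value alone was not reliable. The drive-type names, the `reserve_autorun_inf` function and the demo directories are this example's own, and the Autorun.inf contents in the demo are constructed.

```python
"""Disable AutoRun by drive type and reserve the Autorun.inf name on a volume.

Added example for this thread; not TweakUI's or Flash Disinfector's code.
"""
import os
import subprocess
import sys

# NoDriveTypeAutoRun is a bitmask: bit n set = AutoRun disabled for drives whose
# GetDriveType() value is n.  0xFF disables everything; XP's default is 0x91.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "no_root_dir": 0x02,
    "removable": 0x04,  # USB sticks and floppies, the vector this thread is about
    "fixed": 0x08,
    "remote": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
    "reserved": 0x80,
}
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def nodrivetype_mask(allow=()):
    """Mask that disables AutoRun on every drive type except those in `allow`."""
    mask = 0xFF
    for drive_type in allow:
        mask &= ~DRIVE_TYPE_BITS[drive_type]
    return mask & 0xFF


def autorun_disabled(mask, drive_type):
    """True if `mask` blocks AutoRun for the given drive type."""
    return bool(mask & DRIVE_TYPE_BITS[drive_type])


def reg_file(mask):
    """Text of a .reg file that applies `mask` machine-wide.  Import it with regedit,
    then log off and on; on XP it needs KB967715 to be honoured for USB media."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{POLICY_KEY}]\r\n"
        f'"NoDriveTypeAutoRun"=dword:{mask:08x}\r\n'
    )


def reserve_autorun_inf(drive_root):
    """Occupy <drive_root>\\Autorun.inf with a directory so a dropper's CreateFile
    on that name fails.  Never overwrites an existing file: a real Autorun.inf on a
    removable drive is evidence and should be read before anything is changed.
    Returns 'file-present', 'already-reserved' or 'reserved'."""
    target = os.path.join(drive_root, "Autorun.inf")
    if os.path.isfile(target):
        return "file-present"
    if os.path.isdir(target):
        return "already-reserved"
    os.mkdir(target)
    if sys.platform == "win32":
        # Read-only, hidden and system: the attributes Flash Disinfector sets.
        # Limit: any process with Modify rights on the volume can still remove this.
        subprocess.run(["attrib", "+r", "+h", "+s", target], check=True)
    return "reserved"


def demo_reserve():
    """Exercise reserve_autorun_inf on throwaway directories standing in for drive roots."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        first = reserve_autorun_inf(root)
        second = reserve_autorun_inf(root)
    with tempfile.TemporaryDirectory() as root:
        # Constructed Autorun.inf of the kind a worm drops: launch an EXE from the drive.
        with open(os.path.join(root, "Autorun.inf"), "w") as fh:
            fh.write("[autorun]\r\nopen=prun.exe\r\n")
        third = reserve_autorun_inf(root)
    return first, second, third


if __name__ == "__main__":
    mask = nodrivetype_mask(allow=["cdrom"])  # everything off except CD/DVD
    print(f"NoDriveTypeAutoRun = 0x{mask:02X}")
    print(reg_file(mask))
    print(demo_reserve())
```

The directory trick is a speed bump, not a control: it defeats malware that simply creates Autorun.inf, but an administrator-level process can rename or delete the directory, so the registry policy is what actually stops execution. Run the hardening on every drive letter, not only the one that was infected, because the worm in this thread copies itself to whatever removable media is plugged in next.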

      Offline adf1962

      • Bronze Member
      • Posts: 67
      Re: [In Progress]Bloodhound quarantined constantly
      « Reply #10 on: June 11, 2009, 06:16:42 PM »
      I followed your instructions.  However, I'm a bit concerned.  When I downloaded and ran Flash Disinfector from the link you gave me, my anti-virus program told me it was a virus.  See attached RTF file containing screen print below.  Have I been infected?

      Here are the reports you asked for:

      Error: Unable to interpret <:OTLI> in the current context!
      Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
      ========== FILES ==========
      C:\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1007\Dc60 moved successfully.
      C:\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1007\Dc59 moved successfully.
      C:\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1007\Dc58 moved successfully.
      C:\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1007 moved successfully.
      C:\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006 moved successfully.
      C:\RECYCLER moved successfully.
      File\Folder D:\recycler not found.
      File\Folder e:\recycler not found.
      File\Folder f:\recycler not found.
      File\Folder g:\recycler not found.
      File\Folder h:\recycler not found.
      ========== COMMANDS ==========
      File delete failed. C:\Documents and Settings\Tony\Local Settings\temp\~ROMFN_00000A80 scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\JETDD46.tmp scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_364.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      Temp folders emptied.
      Explorer started successfully
       
      OTL by OldTimer - Version 2.1.1.0 log created on 06112009_192526

      Files moved on Reboot...
      File C:\Documents and Settings\Tony\Local Settings\temp\~ROMFN_00000A80 not found!
      C:\WINDOWS\temp\JETDD46.tmp moved successfully.
      File C:\WINDOWS\temp\Perflib_Perfdata_364.dat not found!

      Registry entries deleted on Reboot...


      =======================================================


      Malwarebytes' Anti-Malware 1.37
      Database version: 2265
      Windows 5.1.2600 Service Pack 3

      6/11/2009 8:02:15 PM
      mbam-log-2009-06-11 (20-02-15).txt

      Scan type: Quick Scan
      Objects scanned: 118577
      Time elapsed: 6 minute(s), 31 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\documents and settings\Tony\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.




      Offline Maurice Naggar

      • Malware Removal Staff
      • Gold Member
      • Posts: 1205
      Re: [In Progress]Bloodhound quarantined constantly
      « Reply #11 on: June 13, 2009, 05:14:23 AM »
      If the "message" from your antivirus is on the flash drive disinfector, then that is a false indication.
      Turn off (temporarily) your antivirus & do run the disinfector.
      See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      >
      Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

      Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

      Scan with DrWeb-CureIt as follows:
      • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
      • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
      • Once the short scan has finished, Click Options > Change settings
      • Choose the "Scan tab" and UNcheck "Heuristic analysis"
      • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
      • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
      • When done, a message will be displayed at the bottom advising if any viruses were found.
      • Click "Yes to all" if it asks if you want to cure/move the file.
      • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable". (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
      • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
      • Save the DrWeb.csv report to your desktop.
      • Exit Dr.Web Cureit when done.
      • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
      • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
      ~Maurice Naggar
      MS-MVP (October 2002 - September 2010)

      Offline adf1962

      • Bronze Member
      • Posts: 67
      Re: [In Progress]Bloodhound quarantined constantly
      « Reply #12 on: June 14, 2009, 08:08:36 AM »
      WMGRPPOL.DLL;C:\D\FROM_C\wnt48e\novell\english\winnt\i386\REDIR;Trojan.MulDrop.origin;Incurable.Moved.;
      blphc3nvj0eca3.scr.bac_a01252;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Fakealert.1321;Deleted.;
      RegUBP2b-Tony.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
      ComboFix(3).exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts\ComboFix(3).exe/data002;Program.PsExec.171;;
      data002;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;;
      ComboFix(3).exe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Container contains infected objects;Moved.;
      ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts\ComboFix.exe/data002;Program.PsExec.171;;
      data002;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;;
      ComboFix.exe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Container contains infected objects;Moved.;
      MultiFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts\MultiFix.exe/data002;Program.PsExec.171;;
      data002;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;;
      MultiFix.exe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Container contains infected objects;Moved.;
      SDFix.exe\SDFix\apps\Process.exe;C:\Software\SDFix.exe;Tool.Prockill;;
      SDFix.exe;C:\Software;Archive contains infected objects;Moved.;
      SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Software\SmitfraudFix.exe;Tool.Prockill;;
      SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Software\SmitfraudFix.exe;Tool.ShutDown.14;;
      SmitfraudFix.exe;C:\Software;Archive contains infected objects;Moved.;
      VirtumundoBeGone.exe\data005;C:\Software\VirtumundoBeGone.exe;Tool.Prockill;;
      VirtumundoBeGone.exe;C:\Software;Archive contains infected objects;Moved.;
      vnc-4_1_1-x86_win32.exe\data001;C:\Software\vnc-4_1_1-x86_win32.exe;Program.RemoteAdmin;;
      vnc-4_1_1-x86_win32.exe\data003;C:\Software\vnc-4_1_1-x86_win32.exe;Program.RemoteAdmin;;
      vnc-4_1_1-x86_win32.exe;C:\Software;Archive contains infected objects;Moved.;
      psexec.cfexe;C:\Software\MultiFix\32788R22FWJFW;Program.PsExec.171;Moved.;
      MaxRAMFree.exe;C:\Software\Utilities\MaxRAMFree;Trojan.Click.25652;Deleted.;
      psexec.exe;C:\Software\Utilities\PsTools;Program.PsExec.174;Moved.;
      psfile.exe;C:\Software\Utilities\PsTools;Program.PsFile.101;Moved.;
      psgetsid.exe;C:\Software\Utilities\PsTools;Program.PsSid.142;Moved.;
      pskill.exe;C:\Software\Utilities\PsTools;Tool.ProcessKill.7;Moved.;
      pslist.exe;C:\Software\Utilities\PsTools;Program.PsList.126;Moved.;
      psloggedon.exe;C:\Software\Utilities\PsTools;Program.PsLogon.131;Moved.;
      pspasswd.exe;C:\Software\Utilities\PsTools;Program.PsPasswd.121;Moved.;
      pssuspend.exe;C:\Software\Utilities\PsTools;Program.PsSuspend.105;Moved.;
      smitRem.exe\smitRem/pv.exe;C:\Software\Virus\smitRem.exe;Program.PrcView.3741;;
      smitRem.exe;C:\Software\Virus;Archive contains infected objects;Moved.;
      A0003077.DLL;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Trojan.MulDrop.origin;Incurable.Moved.;
      A0003078.reg;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Trojan.StartPage.1505;Deleted.;
      A0003082.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003082.exe;Tool.Prockill;;
      A0003082.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Archive contains infected objects;Moved.;
      A0003083.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003083.exe;Tool.Prockill;;
      A0003083.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003083.exe;Tool.ShutDown.14;;
      A0003083.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Archive contains infected objects;Moved.;
      A0003084.exe\data005;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003084.exe;Tool.Prockill;;
      A0003084.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Archive contains infected objects;Moved.;
      A0003085.exe\data001;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003085.exe;Program.RemoteAdmin;;
      A0003085.exe\data003;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003085.exe;Program.RemoteAdmin;;
      A0003085.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Archive contains infected objects;Moved.;
      A0003086.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Trojan.Click.25652;Deleted.;
      A0003087.exe\smitRem/pv.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40\A0003087.exe;Program.PrcView.3741;;
      A0003087.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Archive contains infected objects;Moved.;
      Dc2.exe\data003;C:\_OTL\MovedFiles\06112009_192526\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006\Dc2.exe;Adware.SaveNow;;
      Dc2.exe;C:\_OTL\MovedFiles\06112009_192526\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006;Archive contains infected objects;Moved.;
      Dc3.exe\data003;C:\_OTL\MovedFiles\06112009_192526\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006\Dc3.exe;Adware.SaveNow;;
      Dc3.exe;C:\_OTL\MovedFiles\06112009_192526\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006;Archive contains infected objects;Moved.;
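
Reading a Dr.Web CureIt report like the one above takes some triage, because the tool names its findings by class and most of what it moved here is not an infection. Entries prefixed Program. and Tool. are dual-use administration software (Sysinternals PsTools, the psexec copy embedded in ComboFix, a VNC installer, the process killers bundled inside cleanup tools) that a scanner flags because an attacker could use them too; that is the same reason Symantec objected to Flash Disinfector. Copies under System Volume Information are restore-point snapshots that only come back if that restore point is applied, and copies under another tool's Quarantine folder or under _OTL\MovedFiles were already neutralised. What survives that filter, the Trojan.MulDrop.origin DLL in the Novell client tree and the Trojan.Click file in C:\Software\Utilities, is what actually needs a decision. The Python below is an added example for this thread, not Dr.Web's or the forum helper's code: it parses the semicolon-separated report format shown in Reply #12 (name;directory;threat;action;), applies those rules, and reports what remains. The sample is an excerpt copied from the Reply #12 report; the class names and the needs_attention rule are the example's own.

```python
"""Triage a Dr.Web CureIt report: separate dual-use tools and already-contained
copies from findings that still need a decision.

Added example for this thread; not Dr.Web's or the forum helper's code.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Excerpt of the report posted in Reply #12 (format: name;directory;threat;action;).
SAMPLE_REPORT = r"""
WMGRPPOL.DLL;C:\D\FROM_C\wnt48e\novell\english\winnt\i386\REDIR;Trojan.MulDrop.origin;Incurable.Moved.;
blphc3nvj0eca3.scr.bac_a01252;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Fakealert.1321;Deleted.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts\ComboFix.exe/data002;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Tony\Desktop\Unused Desktop Shortcuts;Container contains infected objects;Moved.;
psexec.exe;C:\Software\Utilities\PsTools;Program.PsExec.174;Moved.;
pskill.exe;C:\Software\Utilities\PsTools;Tool.ProcessKill.7;Moved.;
vnc-4_1_1-x86_win32.exe\data001;C:\Software\vnc-4_1_1-x86_win32.exe;Program.RemoteAdmin;;
MaxRAMFree.exe;C:\Software\Utilities\MaxRAMFree;Trojan.Click.25652;Deleted.;
A0003077.DLL;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP40;Trojan.MulDrop.origin;Incurable.Moved.;
Dc2.exe\data003;C:\_OTL\MovedFiles\06112009_192526\RECYCLER\S-1-5-21-3860373334-2885350956-181780697-1006\Dc2.exe;Adware.SaveNow;;
"""


@dataclass
class Finding:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def kind(self) -> str:
        """Dr.Web's prefix says what it is: Program./Tool. are dual-use utilities."""
        if self.threat.startswith(("Program.", "Tool.")):
            return "riskware"
        if self.threat.endswith("contains infected objects"):
            return "container"  # parent archive of a nested hit listed just above it
        if self.threat.startswith("Adware."):
            return "adware"
        return "malware"

    @property
    def location(self) -> str:
        """Where the copy lives decides whether it can run at all."""
        d = self.directory.lower()
        if d.startswith(r"c:\system volume information\_restore"):
            return "restore-point"  # inert until that restore point is applied
        if "\\quarantine" in d or "\\_otl\\movedfiles" in d:
            return "already-quarantined"
        return "live"

    @property
    def needs_attention(self) -> bool:
        """A live copy of something that is not merely a dual-use tool."""
        return self.kind in ("malware", "adware") and self.location == "live"


def parse_drweb_report(text: str) -> list[Finding]:
    """Split the semicolon-separated rows; the trailing ';' yields an empty field."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        fields += [""] * 4  # tolerate rows with missing columns
        findings.append(Finding(*fields[:4]))
    return findings


def summarize(text: str) -> dict:
    """Counts by class and location, plus the names that still need a decision."""
    findings = parse_drweb_report(text)
    return {
        "total": len(findings),
        "by_kind": dict(Counter(f.kind for f in findings)),
        "by_location": dict(Counter(f.location for f in findings)),
        "needs_attention": [f.name for f in findings if f.needs_attention],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Two caveats when using this on a full report. A container line always follows the nested hit it wraps, so the container's own class is derived from the child, not from the "contains infected objects" text. And restore-point copies are inert but not gone: the usual XP wrap-up step of turning System Restore off and back on is what actually discards them.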

      Offline Maurice Naggar

      • Malware Removal Staff
      • Gold Member
      • Posts: 1205
      Re: [In Progress]Bloodhound quarantined constantly
      « Reply #13 on: June 14, 2009, 09:14:07 AM »
      Make sure you have your antivirus (Symantec) active, and up-to-date with latest definitions.
      Then do a full scan of your system with it.
      Does it flag any "bloodhound"?

      If not, we can proceed next with wrap-up of this case.
      ~Maurice Naggar
      MS-MVP (October 2002 - September 2010)

      Offline adf1962

      • Bronze Member
      • Posts: 67
      Re: [In Progress]Bloodhound quarantined constantly
      « Reply #14 on: June 15, 2009, 09:15:06 PM »
      I ran a Full Symantec scan and it came back with two Trojan Horses.  One of them was the Flash Disinfector which we both believe is a false positive.

      The second is a file called A0003185.exe found in the System Volume Information.

      Both were Quarantined.

      Below is a copy of the screen shot which I put into a Word file.