Author Topic: [RESOLVED] Trojan.Win32.Generic!SB.0 infection  (Read 4599 times)

Offline holeinshoe

  • Bronze Member
  • Posts: 16
[RESOLVED] Trojan.Win32.Generic!SB.0 infection
« on: March 01, 2012, 08:10:23 pm »
Hi

Over the past weekend my A/V kept a program from opening that it said was a trojan. It said that "this is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability." Every half-hour the same warning popped up. I ran Spybot last night and fixed some items that it said need attention. Since then no A/V notifications have shown up. I am wondering whether something might still be running in the background. I ran the DDS and have attached the results. I appreciate your advice.

Thanks

Holeinshoe

« Last Edit: April 01, 2012, 10:10:11 pm by Maurice Naggar »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25390
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Trojan.Win32.Generic!SB.0 infection
« Reply #1 on: March 01, 2012, 08:27:18 pm »
Can you please paste your logs inline of your post instead of attaching them? This is for our protection as well as people that may use your log in the future for research.

Once you have done that, one of the MRS will be around to help you.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline holeinshoe

  • Bronze Member
  • Posts: 16
Re: Trojan.Win32.Generic!SB.0 infection
« Reply #2 on: March 01, 2012, 08:33:13 pm »
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_02
Run by Daniel at 20:39:51 on 2012-03-01
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.66 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Norton Internet Worm Protection *Disabled*
FW: Comodo Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\17.0.963.56\npchrome_frame.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ServUTrayIcon] c:\program files\rhinosoft.com\serv-u\ServUTray.exe
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Download] "c:\documents and settings\daniel\local settings\application data\supportsoft\ddoctorv2\daniel\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Comodo Personal Firewall] c:\program files\comodo\personal firewall\CPF.exe sysrestart
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
StartupFolder: c:\docume~1\daniel\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\documents and settings\daniel\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelr~1.lnk - c:\program files\corel\wordperfect office 2000\register\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\program files\corel\wordperfect office 2000\programs\ccwin9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~2.lnk - c:\program files\corel\wordperfect office 2000\programs\alarm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\corel\wordperfect office 2000\programs\dad9.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autodesk architectural desktop 3\InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B0715675-B245-43B4-A508-DC158BCF5909} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\17.0.963.56\npchrome_frame.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\daniel\application data\mozilla\firefox\profiles\oxsroyum.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\program files\adobe\adobe acrobat 6.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2004-1-18 6097]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-11-2 21240]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2009-5-17 217976]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 LMIBackupVSSService.exe;LogMeIn Backup VSS Service;c:\program files\logmein backup\LMIBackupVSSService.exe [2006-5-16 316160]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-19 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-19 47640]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-11-2 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-13 1174152]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2004-1-18 299923]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-25 372824]
S4 BackupMaint;LogMeIn Backup Maintenance Service;"c:\program files\logmein backup\backupmaint.exe" --> c:\program files\logmein backup\BackupMaint.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP;

S4 LogMeInBackupService.exe;LogMeIn Backup Storage PC Service;c:\program files\logmein backup\LogmeInBackupService.exe [2006-5-16 922368]
S4 Usd_394;Usd_394;

.
=============== File Associations ===============
.
.scr=
.
=============== Created Last 30 ================
.
2012-02-15 00:37:18   3072   ------w-   c:\windows\system32\iacenc.dll
2012-02-15 00:37:18   3072   ------w-   c:\windows\system32\dllcache\iacenc.dll
.
==================== Find3M  ====================
.
2012-01-12 16:53:24   1859968   ------w-   c:\windows\system32\win32k.sys
2011-12-17 19:46:36   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46:36   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58   385024   ----a-w-   c:\windows\system32\html.iec
.
============= FINISH: 20:44:41.62 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/8/2003 8:53:13 PM
System Uptime: 2/15/2012 3:38:58 AM (377 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0G0728
Processor:               Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 22.139 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 112 GiB total, 22.139 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
RP2034: 12/2/2011 8:20:05 PM - System Checkpoint
RP2035: 12/3/2011 9:20:06 PM - System Checkpoint
RP2036: 12/4/2011 9:46:23 PM - System Checkpoint
RP2037: 12/5/2011 10:19:58 PM - System Checkpoint
RP2038: 12/6/2011 10:24:18 PM - System Checkpoint
RP2039: 12/7/2011 11:19:56 PM - System Checkpoint
RP2040: 12/8/2011 11:33:13 PM - System Checkpoint
RP2041: 12/10/2011 12:19:58 AM - System Checkpoint
RP2042: 12/11/2011 1:19:57 AM - System Checkpoint
RP2043: 12/12/2011 2:20:05 AM - System Checkpoint
RP2044: 12/13/2011 3:20:01 AM - System Checkpoint
RP2045: 12/14/2011 4:19:46 AM - System Checkpoint
RP2046: 12/15/2011 3:00:24 AM - Software Distribution Service 3.0
RP2047: 12/16/2011 3:10:32 AM - System Checkpoint
RP2048: 12/17/2011 3:19:40 AM - System Checkpoint
RP2049: 12/18/2011 4:19:44 AM - System Checkpoint
RP2050: 12/19/2011 5:19:56 AM - System Checkpoint
RP2051: 12/20/2011 6:19:57 AM - System Checkpoint
RP2052: 12/21/2011 7:19:34 AM - System Checkpoint
RP2053: 12/22/2011 8:19:32 AM - System Checkpoint
RP2054: 12/23/2011 9:19:19 AM - System Checkpoint
RP2055: 12/24/2011 10:19:54 AM - System Checkpoint
RP2056: 12/25/2011 11:19:21 AM - System Checkpoint
RP2057: 12/26/2011 12:19:22 PM - System Checkpoint
RP2058: 12/27/2011 1:19:19 PM - System Checkpoint
RP2059: 12/28/2011 2:19:20 PM - System Checkpoint
RP2060: 12/29/2011 2:20:23 PM - System Checkpoint
RP2061: 12/30/2011 3:19:10 PM - System Checkpoint
RP2062: 12/31/2011 4:19:11 PM - System Checkpoint
RP2063: 1/1/2012 5:19:13 PM - System Checkpoint
RP2064: 1/2/2012 6:19:11 PM - System Checkpoint
RP2065: 1/3/2012 7:19:11 PM - System Checkpoint
RP2066: 1/4/2012 8:19:11 PM - System Checkpoint
RP2067: 1/5/2012 9:19:12 PM - System Checkpoint
RP2068: 1/6/2012 10:19:05 PM - System Checkpoint
RP2069: 1/8/2012 12:27:58 AM - System Checkpoint
RP2070: 1/9/2012 1:19:04 AM - System Checkpoint
RP2071: 1/10/2012 2:19:21 AM - System Checkpoint
RP2072: 1/11/2012 3:19:23 AM - System Checkpoint
RP2073: 1/12/2012 3:01:10 AM - Software Distribution Service 3.0
RP2074: 1/13/2012 3:00:52 AM - Software Distribution Service 3.0
RP2075: 1/14/2012 6:17:54 AM - System Checkpoint
RP2076: 1/15/2012 11:13:33 PM - System Checkpoint
RP2077: 1/16/2012 11:43:13 PM - System Checkpoint
RP2078: 1/17/2012 11:44:20 PM - System Checkpoint
RP2079: 1/19/2012 12:45:16 AM - System Checkpoint
RP2080: 1/20/2012 1:43:14 AM - System Checkpoint
RP2081: 1/21/2012 2:43:25 AM - System Checkpoint
RP2082: 1/22/2012 3:43:33 AM - System Checkpoint
RP2083: 1/23/2012 4:43:17 AM - System Checkpoint
RP2084: 1/24/2012 5:46:54 AM - System Checkpoint
RP2085: 1/25/2012 6:43:04 AM - System Checkpoint
RP2086: 1/26/2012 7:43:04 AM - System Checkpoint
RP2087: 1/27/2012 8:43:05 AM - System Checkpoint
RP2088: 1/28/2012 9:43:04 AM - System Checkpoint
RP2089: 1/29/2012 10:43:04 AM - System Checkpoint
RP2090: 1/30/2012 11:42:56 AM - System Checkpoint
RP2091: 1/31/2012 12:42:57 PM - System Checkpoint
RP2092: 2/1/2012 1:42:58 PM - System Checkpoint
RP2093: 2/2/2012 2:42:56 PM - System Checkpoint
RP2094: 2/3/2012 3:42:59 PM - System Checkpoint
RP2095: 2/4/2012 4:42:58 PM - System Checkpoint
RP2096: 2/5/2012 5:43:00 PM - System Checkpoint
RP2097: 2/6/2012 6:42:51 PM - System Checkpoint
RP2098: 2/7/2012 7:42:50 PM - System Checkpoint
RP2099: 2/8/2012 8:42:51 PM - System Checkpoint
RP2100: 2/9/2012 9:42:52 PM - System Checkpoint
RP2101: 2/10/2012 10:42:52 PM - System Checkpoint
RP2102: 2/12/2012 12:24:20 AM - System Checkpoint
RP2103: 2/13/2012 12:45:55 AM - System Checkpoint
RP2104: 2/14/2012 1:42:47 AM - System Checkpoint
RP2105: 2/15/2012 2:42:51 AM - System Checkpoint
RP2106: 2/15/2012 3:00:31 AM - Software Distribution Service 3.0
RP2107: 2/16/2012 3:00:57 AM - Software Distribution Service 3.0
RP2108: 2/17/2012 3:52:58 AM - System Checkpoint
RP2109: 2/18/2012 3:00:59 AM - Software Distribution Service 3.0
RP2110: 2/19/2012 3:53:03 AM - System Checkpoint
RP2111: 2/20/2012 3:57:44 AM - System Checkpoint
RP2112: 2/21/2012 4:02:05 AM - System Checkpoint
RP2113: 2/22/2012 5:03:35 AM - System Checkpoint
RP2114: 2/23/2012 6:02:01 AM - System Checkpoint
RP2115: 2/24/2012 7:02:03 AM - System Checkpoint
RP2116: 2/25/2012 8:01:54 AM - System Checkpoint
RP2117: 2/26/2012 9:01:55 AM - System Checkpoint
RP2118: 2/26/2012 9:53:40 PM - VIPRE clean action
RP2119: 2/27/2012 10:01:43 PM - System Checkpoint
RP2120: 2/28/2012 11:13:48 PM - System Checkpoint
RP2121: 3/1/2012 12:01:44 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
Brother HL-5250DN
Cisco Packet Tracer 5.3.2
Compatibility Pack for the 2007 Office system
Corel Applications
Crayola Magic 3D Coloring Book
Critical Update for Windows Media Player 11 (KB959772)
Desktop Doctor
Fujitsu NetCOBOL Free Run-time
Fujitsu PowerCOBOL Free Run-time
Google Chrome
Google Chrome Frame
Google Earth
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word Viewer
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenOffice.org 2.4
QuickTime
Scheduler
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Symantec KB-DocID:2003093015493306
SyncBack
TBS WMP Plug-in
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmiiper
TurboTax 2008 wrapper
TurboTax Premier 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIPRE Antivirus
WebFldrs XP
White Estate Software
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== End Of File ===========================

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: Trojan.Win32.Generic!SB.0 infection
« Reply #3 on: March 01, 2012, 10:10:17 pm »
Hello holeinshoe and welcome to Spywarehammer.

I will be guiding you, going forward.  Please start with the following, and remember to always Copy & Paste the logs into main body of reply box.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad.  We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy.  Then paste contents into your next reply.

Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7
RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.
Use separate replies as needed if logs do not fit into one reply box.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #4 on: March 04, 2012, 10:55:32 am »
Hello holeinshoe,

Are you still with us?
Please advise if you have resolved your issue.
If I do not hear back from you by Wednesday, your topic here will be closed.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline holeinshoe

  • Bronze Member
  • Posts: 16
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #5 on: March 04, 2012, 09:23:47 pm »
Here are the reports from the various steps you asked to be done.  Again, I have not seen any evidence or notifications of an active infection since I ran spybot.  But I just want to see if there might be something running in the background.

Apparently the amount of data generated by the reports is over 50000 characters, so I will send them via two posts.

Thanks

Logfile of random's system information tool 1.09 (written by random/random)
Run by Daniel at 2012-03-04 21:49:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (20%) free of 114 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:17 PM, on 3/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Daniel\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Daniel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\GFI Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Download] "C:\Documents and Settings\Daniel\Local Settings\Application Data\SupportSoft\ddoctorv2\Daniel\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin
O4 - HKUS\S-1-5-21-2038766453-2915000045-2127540699-1010\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Backup VSS Service (LMIBackupVSSService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13632 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.0, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483]
"Description"=6.0.12.1483
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
"Description"=Viewpoint Media Player for Mozilla
"Path"=C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
inspector-cmdline.js
inspector.dll
inspector.xpt
nppl3260.xpt
npRACtrl.xpt
nsILegitCheckPlugin.xpt
nsIMediaPlugin.xpt
nsJSRealPlayerPlugin.xpt
snapfishScript.xpt

C:\Program Files\Mozilla Firefox\plugins\
LMIProxyHelper.exe
np-mswmp.dll
npLegitCheckPlugin.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npRACtrl.dll
nprjplug.dll
nprpjplug.dll
npsnapfish.dll
NPTURNMED.dll
npViewpoint.xpt
npViewpoint_03000F10.dll
QuickTimePlugin.class
ractrlkeyhook.dll
unicows.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\extensions\
LogMeInClient@logmein.com
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\searchplugins\
a9.xml
bing.xml
live-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-05 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
ChromeFrame BHO - C:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll [2012-02-15 1984496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2005-10-13 69632]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672]
"Comodo Personal Firewall"=C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart []
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-07 267064]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"SBAMTray"=C:\Program Files\GFI Software\VIPRE\SBAMTray.exe [2011-11-01 3045744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ServUTrayIcon"=C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe []
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2003-04-29 524288]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Download"=C:\Documents and Settings\Daniel\Local Settings\Application Data\SupportSoft\ddoctorv2\Daniel\ssGet.exe 120 http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe EasySolveInstaller.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe [2011-08-26 243360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Corel Registration.lnk - C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
CorelCENTRAL 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
CorelCENTRAL Alarms.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
Desktop Application Director 9.LNK - C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Daniel\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-01 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBPIMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=dvacm.acm
"VIDC.WMV3"=wmv9vcm.dll

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-03-04 21:49:50 ----D---- C:\Program Files\trend micro
2012-03-04 21:49:44 ----D---- C:\rsit
2012-03-04 21:46:15 ----D---- C:\WINDOWS\ERDNT
2012-03-04 21:45:34 ----D---- C:\Program Files\ERUNT
2012-02-15 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-14 19:37:18 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-03-04 21:49:50 ----D---- C:\Program Files
2012-03-04 21:49:48 ----D---- C:\WINDOWS\Prefetch
2012-03-04 21:46:15 ----D---- C:\WINDOWS
2012-03-04 18:43:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-04 07:57:35 ----D---- C:\WINDOWS\SYSTEM32
2012-03-04 07:57:07 ----D---- C:\WINDOWS\Temp
2012-02-19 21:50:03 ----D---- C:\Program Files\Mozilla Firefox
2012-02-18 03:02:26 ----SHD---- C:\WINDOWS\Installer
2012-02-18 03:02:26 ----D---- C:\Config.Msi
2012-02-16 03:02:23 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-15 20:40:02 ----D---- C:\Documents and Settings\Daniel\Application Data\OpenOffice.org2
2012-02-15 03:54:22 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-15 03:53:36 ----RSD---- C:\WINDOWS\assembly
2012-02-15 03:39:56 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem #2.txt
2012-02-15 03:39:49 ----D---- C:\Program Files\LogMeIn Backup
2012-02-15 03:38:31 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-15 03:19:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-15 03:18:00 ----D---- C:\WINDOWS\WinSxS
2012-02-15 03:04:50 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-15 03:04:31 ----HD---- C:\WINDOWS\INF
2012-02-15 03:04:26 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2012-02-15 03:04:00 ----A---- C:\WINDOWS\imsins.BAK
2012-02-15 03:03:32 ----D---- C:\Program Files\Internet Explorer
2012-02-15 03:03:00 ----D---- C:\WINDOWS\ie8updates
2012-02-15 03:02:44 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-12-18 20176]
R0 sonyhcb;Sony Digital Imaging Base; C:\WINDOWS\System32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-01-22 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-08-28 143834]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2011-09-09 21240]
R1 SbTis;SbTis; C:\WINDOWS\system32\drivers\sbtis.sys [2011-11-01 217976]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-08-28 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2011-09-09 77816]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-08-28 25898]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2007-04-17 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mbr;mbr; \??\C:\DOCUME~1\Daniel\LOCALS~1\Temp\mbr.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-08-28 30630]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-08-28 28164]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\System32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;Sony Digital Imaging Audio; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-03-16 372824]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 Usd_394;Usd_394; C:\WINDOWS\system32\drivers\Usd_394.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-01-19 100032]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 LMIBackupVSSService.exe;LogMeIn Backup VSS Service; C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe [2006-06-28 316160]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 SBAMSvc;VIPRE Antivirus; C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe [2011-11-01 3287472]
R2 SBPIMSvc;SB Recovery Service; C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe [2011-11-01 173424]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-01-22 1174152]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-07 503608]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-05 194104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2004-01-16 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2004-09-02 68608]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-01-19 2041536]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 BackupMaint;LogMeIn Backup Maintenance Service; C:\Program Files\LogMeIn Backup\BackupMaint.exe []
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-01 116032]
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-04-17 63040]
S4 LogMeInBackupService.exe;LogMeIn Backup Storage PC Service; C:\Program Files\LogMeIn Backup\LogMeInBackupService.exe [2006-06-28 922368]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Offline holeinshoe

  • Bronze Member
  • Posts: 16
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #6 on: March 04, 2012, 09:27:00 pm »
info.txt logfile of random's system information tool 1.09 2012-03-04 21:50:35

======Uninstall list======

-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Brother HL-5250DN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{573CECD8-4341-489C-AF34-3D7F086D711F}\SETUP.exe" -l0x9  -removeonly /uninst
Cisco Packet Tracer 5.3.2-->"C:\Program Files\Cisco Packet Tracer 5.3.2\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
Crayola Magic 3D Coloring Book-->C:\WINDOWS\iun3401.exe C:\EAI\Magic
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fujitsu NetCOBOL Free Run-time-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{ED668272-E255-4CA9-8E0C-9DD6CF990416}
Fujitsu PowerCOBOL Free Run-time-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{99C80F31-E4AF-407B-B532-142303EBFB7E}
Google Chrome Frame-->"C:\Program Files\Google\Chrome Frame\Application\17.0.963.56\Installer\setup.exe" --uninstall --chrome-frame --system-level --verbose-logging
Google Chrome-->"C:\Program Files\Google\Chrome\Application\17.0.963.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word Viewer-->C:\Program Files\WordView\SETUP\Setup.exe /m
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Scheduler-->MsiExec.exe /I{81929079-8CA2-4378-BCAA-620C666BF531}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wmiiper-->MsiExec.exe /I{DE58B061-6936-4913-AA5C-682E49356D86}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Premier 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Premier 2007-->C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIPRE Antivirus-->MsiExec.exe /I{7E36A3A4-9652-4200-AF89-C839CE4F1F2A}
VIPRE Antivirus-->MsiExec.exe /x {7E36A3A4-9652-4200-AF89-C839CE4F1F2A} /qf /l*v "%temp%\VIPRE_MsiUninstall.log" REMOVE=ALL
White Estate Software-->C:\WINDOWS\IsUninst.exe -fC:\Estate\Uninst.isu
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: GFI Software VIPRE
FW: Norton Internet Worm Protection (disabled)
FW: Comodo Personal Firewall

======System event log======

Computer Name: DELL
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 101141
Source Name: Tcpip
Time Written: 20120107223155.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 101092
Source Name: W32Time
Time Written: 20120106104550.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 101034
Source Name: Tcpip
Time Written: 20120104223214.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 100841
Source Name: W32Time
Time Written: 20111230104551.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 100594
Source Name: W32Time
Time Written: 20111223104549.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DELL
Event Code: 439
Message: Catalog Database (884) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Record Number: 82469
Source Name: ESENT
Time Written: 20120112030355.000000-300
Event Type: error
User:

Computer Name: DELL
Event Code: 490
Message: svchost (884) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 82468
Source Name: ESENT
Time Written: 20120112030355.000000-300
Event Type: error
User:

Computer Name: DELL
Event Code: 4118
Message: A content scan could not be completed on c:\.

Record Number: 81937
Source Name: Ci
Time Written: 20111225042844.000000-300
Event Type: error
User:

Computer Name: DELL
Event Code: 4147
Message: The IISADMIN service is not available, so virtual roots cannot be indexed.

Record Number: 81624
Source Name: Ci
Time Written: 20111215211538.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 81609
Source Name: Adobe Active File Monitor
Time Written: 20111215210634.000000-300
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Common Files\Fujitsu\COBOL;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"PT5HOME"=C:\Program Files\Cisco Packet Tracer 5.3.2

-----------------EOF-----------------


 Results of screen317's Security Check version 0.99.31  
 Windows XP Service Pack 3 x86  
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled!  
 VIPRE Antivirus    
 Antivirus up to date!  
```````````````````````````````
Anti-malware/Other Utilities Check:

 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 2  
 Java(TM) 6 Update 4  
 Java version out of date!
  Adobe Flash Player    10.3.183.7 Flash Player out of Date!  
 Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:  
objlist.exe by Laurent

``````````End of Log````````````





Offline holeinshoe

  • Bronze Member
  • Posts: 16
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #7 on: March 04, 2012, 09:29:19 pm »
QuickScan 32-bit v0.9.9.105
---------------------------
Scan date:  Sun Mar 04 21:59:14 2012
Machine ID: 685A7B62



No infection found.
-------------------



Processes
---------
             Adobe Version Cue™                      3944    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
            AcroTray - Adobe Acrobat Distiller help  2476    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
            Apple Mobile Device Service              1380    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            CorelCENTRAL TM 9                        3788    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
            CorelCENTRAL TM 9                        2900    C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
            Dell - DVDSentry                         1164    C:\WINDOWS\SYSTEM32\DSentry.exe
            Desktop Application Director 9           2404    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
            DirectCD                                 2896    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
            FinePixViewer                            3568    C:\Program Files\FinePixViewer\QuickDCF.exe
            Firefox                                  3072    C:\Program Files\Mozilla Firefox\firefox.exe
            Firefox                                  3936    C:\Program Files\Mozilla Firefox\plugin-container.exe
            GFI AntiMalware Common SDK Merge Module  1796    C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
            GFI AntiMalware Common SDK Merge Module  2028    C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
            Intelliquest Reminder Application        2696    C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
            Intuit Update Service                    1516    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
            iTunes                                    664    C:\Program Files\iPod\bin\iPodService.exe
            iTunes                                   1488    C:\Program Files\iTunes\iTunesHelper.exe
            Java(TM) Platform SE 6 U4                2700    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
            LiveUpdate                               1396    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            LogMeIn Backup                           1584    C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
            Microsoft® Windows® Operating System     2680    C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
            Microsoft® Windows® Operating System     1992    C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
            Microsoft® Windows® Operating System     1536    C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
            Microsoft® Windows® Operating System     3188    C:\WINDOWS\SYSTEM32\notepad.exe
            Microsoft® Windows® Operating System     2712    C:\WINDOWS\SYSTEM32\notepad.exe
            Microsoft® Windows® Operating System     2256    C:\WINDOWS\SYSTEM32\notepad.exe
            Microsoft® Windows® Operating System     1208    C:\WINDOWS\SYSTEM32\spoolsv.exe
            OpenOffice.org 2.4                       3220    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
            OpenOffice.org 2.4                       4000    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
            PhotoshopElementsDeviceConnect.exe       1740    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
            PhotoshopElementsFileAgent.exe           1348    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
            Pop-Up Stopper Free Edition              3680    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
            Support.com Scheduler and Command Dispa  3684    C:\Program Files\support.com\bin\tgcmd.exe
            SupportSoft sprtcmd                      3656    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
            SupportSoft sprtsvc                       164    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
            Symantec Core Component                   208    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            VIPRE Antivirus                           932    C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
(verified)  Microsoft® Windows® Operating System     2840    C:\WINDOWS\explorer.exe
(verified)  Microsoft® Windows® Operating System     2388    C:\WINDOWS\SYSTEM32\alg.exe
(verified)  Microsoft® Windows® Operating System     1420    C:\WINDOWS\SYSTEM32\cisvc.exe
(verified)  Microsoft® Windows® Operating System      520    C:\WINDOWS\SYSTEM32\csrss.exe
(verified)  Microsoft® Windows® Operating System     3528    C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified)  Microsoft® Windows® Operating System      348    C:\WINDOWS\SYSTEM32\fxssvc.exe
(verified)  Microsoft® Windows® Operating System      600    C:\WINDOWS\SYSTEM32\lsass.exe
(verified)  Microsoft® Windows® Operating System      588    C:\WINDOWS\SYSTEM32\services.exe
(verified)  Microsoft® Windows® Operating System      468    C:\WINDOWS\SYSTEM32\smss.exe
(verified)  Microsoft® Windows® Operating System     1308    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1028    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      972    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      884    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      816    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      772    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System     3068    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      156    C:\WINDOWS\SYSTEM32\svchost.exe
(verified)  Microsoft® Windows® Operating System      544    C:\WINDOWS\SYSTEM32\winlogon.exe
(verified)  Windows® Internet Explorer               1428    C:\Program Files\Internet Explorer\iexplore.exe
(verified)  Windows® Internet Explorer               3772    C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 74.125.225.41
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 184.85.95.139
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 96.17.77.27
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 184.73.239.233
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 199.7.71.190
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 184.73.239.233
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 199.7.59.190
Process iexplore.exe (1428) connected on port 80 (HTTP) --> 92.122.50.162

Process svchost.exe (772) listens on ports: 3389 (Terminal Server)
Process svchost.exe (816) listens on ports: 135 (RPC)
Process tgcmd.exe (3684) listens on ports: 641


Autoruns and critical files
---------------------------
             Adobe Version Cue™                      C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
            AcroTray - Adobe Acrobat Distiller help  C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
            Adobe Systems, Inc. Adobe Gamma Loader   C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            CorelCENTRAL TM 9                        C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
            CorelCENTRAL TM 9                        C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
            Dell - DVDSentry                         C:\WINDOWS\SYSTEM32\DSentry.exe
            Dell Support                             C:\Program Files\Common Files\Dell\EUSW\Support.exe
            Desktop Application Director 9           C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
            DirectCD                                 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
            Flash® Player Installer/Uninstaller      C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe
            Google Updater                           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            Intelliquest Reminder Application        C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
            iTunes                                   C:\Program Files\iTunes\iTunesHelper.exe
            Java(TM) Platform SE 6 U4                C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
            LogMeIn                                  C:\WINDOWS\system32\LMIinit.dll
            Messenger                                C:\Program Files\Messenger\MSMSGS.EXE
            Microsoft Office XP                      C:\Program Files\Microsoft Office\Office10\OSA.EXE
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\CRYPT32.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\dimsntfy.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\logon.scr
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\SHELL32.dll
            Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\WlNotify.dll
            OGAEXEC.exe                              C:\WINDOWS\system32\OGAEXEC.exe
            Pop-Up Stopper Free Edition              C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
            PowerReg Scheduler                       C:\Documents and Settings\Daniel\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
            quickstart.exe                           C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
            QuickTime                                C:\Program Files\QuickTime\qttask.exe
            Registry Shaver                          C:\Program Files\REGSHAVE\REGSHAVE.EXE
            Support.com Scheduler and Command Dispa  C:\Program Files\support.com\bin\tgcmd.exe
            SupportSoft sprtcmd                      C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
            VIPRE Antivirus                          C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
(verified)  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
(verified)  Microsoft Genuine Advantage              C:\WINDOWS\system32\WgaLogon.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\BROWSEUI.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\System32\stobject.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll
(verified)  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
            AcDcToday ActiveX Control Module         C:\WINDOWS\Downloaded Program Files\AcDcToday.ocx
            AcroIEFavClient.dll                      C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
            AcroIEHelper Library                     C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
            Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
            Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
            Adobe® Flash® Player ActiveX             C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
            Allen i-Discover                         C:\Program Files\Internet Explorer\plugins\NPAla.dll
            AutoCAD Today                            C:\WINDOWS\Downloaded Program Files\AcPreview.ocx
            BitDefender QuickScan                    C:\WINDOWS\Downloaded Program Files\qsax.dll
            Google Chrome Frame                      C:\Program Files\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
            Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
            Google Update                            C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
            Google Updater                           C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
            GoogleToolbarNotifier                    C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
            i-drop control                           C:\WINDOWS\Downloaded Program Files\idrop.ocx
            IEAWSDC.DLL                              C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
            InstBanr ActiveX Control Module          C:\WINDOWS\Downloaded Program Files\InstBanr.ocx
            InstFred ActiveX Control Module          C:\WINDOWS\Downloaded Program Files\InstFred.ocx
            Java(TM) Platform SE 6 U4                C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            LiveReg                                  C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
            LMIProxyHelper.exe                       C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
            LMIProxyHelper.exe                       C:\Program Files\Mozilla Firefox\plugins\LMIProxyHelper.exe
            LMIProxyHelper.exe                       C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe
            Messenger                                C:\Program Files\Messenger\MSMSGS.EXE
            MetaStream 3 Plugin                      C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03000F10.dll
            MetaStream 3 Plugin                      C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
            Microsoft (R) Windows (R) 95, Windows (  C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll
            Microsoft (R) Windows (R) 95, Windows (  C:\Program Files\Mozilla Firefox\plugins\unicows.dll
            Microsoft (R) Windows (R) 95, Windows (  C:\WINDOWS\Downloaded Program Files\unicows.dll
            Microsoft(R) Money                       C:\WINDOWS\Downloaded Program Files\pmupd806.exe
            Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\mswsock.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\nwprovau.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\winrnr.dll
            npitunes.dll                             C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
            npRACtrl.dll                             C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
            npRACtrl.dll                             C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
            NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
            QuickTime Plug-in 7.2                    C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
            RACtrl.dll                               C:\WINDOWS\Downloaded Program Files\RACtrl.dll
            ractrlkeyhook.dll                        C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\oxsroyum.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
            ractrlkeyhook.dll                        C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
            RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
            RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
            RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
            RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
            RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
            RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
            RNT Live Collaboration                   C:\WINDOWS\Downloaded Program Files\RntX.dll
            Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
            Snapfish Plugin for Firefox              C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
            sprtexternal Module                      C:\WINDOWS\Downloaded Program Files\sprtexternal.dll
            SymAData Module                          C:\WINDOWS\Downloaded Program Files\SymAData.dll
            tgctlsi Module                           C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
            Turner Media Plugin 1.0.0.10             C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
            Windows Genuine Advantage validation pl  C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
            Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
            Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll
            Yahoo! Toolbar                           C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            YInstHelper Module                       C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Missing files
-------------
File not found: C:\Documents and Settings\Daniel\Local Settings\Application Data\SupportSoft\ddoctorv2\Daniel\ssGet.exe
  --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Download"

File not found: C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
  --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Comodo Personal Firewall"

File not found: C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
  --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"ServUTrayIcon"



Offline holeinshoe

  • Bronze Member
  • Posts: 16
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #8 on: March 04, 2012, 09:31:01 pm »
Scan
----
MD5: 11a2f4c79a392d6a12091866e8aa31db  C:\Program Files\OpenOffice.org 2.4\program\sysmgr1.uno.dll
MD5: f012310327a544795ca9ebdad18f97fd  C:\Program Files\OpenOffice.org 2.4\program\tk680mi.dll
MD5: 4da65aeda1ef1ec1acdddee47283373d  C:\Program Files\OpenOffice.org 2.4\program\tl680mi.dll
MD5: 6203c8e0f0d5a90eb5b2408ecc1d9de3  C:\Program Files\OpenOffice.org 2.4\program\ucb1.dll
MD5: 8269bde824a52183b75f9e1f5e92c960  C:\Program Files\OpenOffice.org 2.4\program\ucbhelper4MSC.dll
MD5: fd398e3b9049180e497555b1a379ac95  C:\Program Files\OpenOffice.org 2.4\program\ucpfile1.dll
MD5: 9d52fde7f5d145307b452a48c4790f19  C:\Program Files\OpenOffice.org 2.4\program\unsafe_uno_uno.dll
MD5: d1d05f7b2d3f8116a37bf51196da6458  C:\Program Files\OpenOffice.org 2.4\program\utl680mi.dll
MD5: de83dbb874f6c090c72638cf3d0b4840  C:\Program Files\OpenOffice.org 2.4\program\uwinapi.dll
MD5: e02cfb9f80453081e2b902335a2a04bd  C:\Program Files\OpenOffice.org 2.4\program\vcl680mi.dll
MD5: 495a9d6e831986285299cde745c06995  C:\Program Files\OpenOffice.org 2.4\program\vos3MSC.dll
MD5: a0de8d4950cbc1e908c9cf5a1b72de36  C:\Program Files\OpenOffice.org 2.4\program\xcr680mi.dll
MD5: e436db5d972bdbb83aed402f9024602e  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
MD5: 8abfc776b307813d365751250356c988  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XA\psgain3.dll
MD5: cfe94eed87d1dbf01770bb037bc8ad21  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XA\psie6.dll
MD5: c5771cd79b86e94a8fdd57b6aefe0381  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XA\psns4.dll
MD5: 06467bd6e47f82ff2fd0237d1ada6832  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XA\PSNS7.dll
MD5: 6512a7dd8ab13cd24d89fde39bd777f2  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XA\pswmsg.dll
MD5: 2d20891061917ba9bcae019feff311c4  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
MD5: 1bf43fa9cf3d2e56d5b5aa3543407225  C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
MD5: c449b0285a3457a7a0a4b98d92435624  C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 99e671be6c578fc66ca24d2bfb5f80ee  C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
MD5: 13de9c784b15ecc72a3ef70455d6d68a  C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
MD5: ad6148ec4f1f479e764b62a58336841a  C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
MD5: 9f97418382e5e6b6f0f7a9e10c756b4d  C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
MD5: f5a503f84f603ed47224ec3de3c472bb  C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
MD5: ffe3388ffd97fdd6e9c37ddd05311c9e  C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
MD5: 06df3bb0f91c6b5237860a4325c9be3f  C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
MD5: 7aaffa5ff4f1c5fc8b1c1c42f1167504  C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
MD5: de9ad88532c0d9c92b219141a5acb809  C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
MD5: 2cef48a5aa5c07f3c4863678080c4d51  C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
MD5: 138b0a16b322e50d9c48f8c019293258  C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
MD5: 858a6a797097e144f2a1cb9a4c4a9d3c  C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
MD5: a500da7debadba691ee43178a75fd253  C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
MD5: b081d605562c7e42d49b53de4f5cc063  C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
MD5: 667cd3bc1f067ffcbcef2b107f75977c  C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx
MD5: 63f53ed0a839b41db2365c64ba0d302c  C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
MD5: d8947e45fc75a65d3208fb52e1a40858  C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
MD5: 941f2bfa43bb8abde5ff702c830447c8  C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
MD5: 8644df210ea6e46544c89a786cffa85f  C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0  C:\Program Files\QuickTime\qttask.exe
MD5: e2b8c15caab06c6389184f23bac5ad6f  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
MD5: 3d304c8a8aa570169d87b0fc1701a864  C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
MD5: 4b2f61dca7db661570828dce5d302525  C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MD5: 552e9ca7b91120fb7d49cd5c10018dc3  C:\Program Files\REGSHAVE\REGSHAVE.EXE
MD5: 5c108285912bf248466129efd255b219  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll
MD5: be3238a165afb321f1696cc1ff9ef271  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
MD5: 428edc561bb77711633e50e569b75769  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll
MD5: b8ce229eb356ac23926e3fe89b4669b0  C:\Program Files\support.com\bin\tgcmd.exe
MD5: 45daab5a2b1815e6a0fd6f2165a13f17  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
MD5: e9000819976ed91686f34a6c727b45ab  C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
MD5: 1e06def75ccf5796c75c2e46e57c5c0a  C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll
MD5: 1ab322d59eb28e6695a66e22a72d8485  C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll
MD5: 045efaae4617c8883dfc840c6685c390  C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
MD5: e436db5d972bdbb83aed402f9024602e  C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
MD5: ff7075265691c741afd2f756559a10d5  C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
MD5: 310c15fd8358b2c4cd7a5b98a112883f  C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: bd1e2bb8c96105353078ad23ff5489d0  C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MD5: 16f96c1496cbd0965285ab19a9271d02  C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MD5: 9631b15db7c43c267636ff43c3075e07  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MD5: f054572a92573ca32d5f3aa8c15d2bac  C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 090f0c209849df6bf42c4bc3a212ed24  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MD5: 375fd11c25f5e43e0d1620fd6114baba  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MD5: d773437cf8acad89d87a830b663fd225  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MD5: 7edf1a41e9c31dce28bd71d6142534cc  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MD5: 24291b61ab7a21cdeb3fac7a03995bbe  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MD5: 1662f856443dd09a68d99f5f713c0a52  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MD5: b6717998521608d6fbb47df831317d13  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MD5: 55c9b75102b54fa486a0bc5462e95fe4  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MD5: e247301b09b5cffa332a00f1b7bb55f7  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MD5: 34dcf0e4754f8fa599e33aa444742481  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MD5: 58ed45bfb06ec7c6b7d151b77247e4b3  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MD5: 8da93d9a662e4ba18802bc6c2ccacd66  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MD5: 5ac46a3a31bc58e512c4cafd87327922  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MD5: 04de2774c2a6602da45e9e76d46bc071  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MD5: 7e1174e9a3d17855680e144aa5d130a1  C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MD5: c1c4025b5f5311ac8bcc318b0c244d58  C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MD5: 179cc375c81b39902825abfe3a7cd49d  C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MD5: 2849f13593d2712ccb97ffbdd3c1232e  C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MD5: 50d2943d426ba91771ad87fdec802ac3  C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MD5: 2045a75f511fb99f5b3369e49e0837a2  C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MD5: eb97291e3c9e0035b47b45dbb1af710d  C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MD5: 47b341f0931d6d11364145ffc6bbb1e7  C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MD5: 516fd7927172bbbe2d335ea94d816b9e  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MD5: 3943907a519731f925511e75db92e6f4  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MD5: 3d950983cbfac3a1aa35696810c2e9bf  C:\WINDOWS\Downloaded Program Files\AcDcToday.ocx
MD5: e24d3b63bc9aa3fc9c0ed1871b7b4fe7  C:\WINDOWS\Downloaded Program Files\AcPreview.ocx
MD5: c52dbb7905b2ad6e476d4450e4d4b7a5  C:\WINDOWS\Downloaded Program Files\idrop.ocx
MD5: bcd0a5c3c1715c363cb3f321abe31514  C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
MD5: 7f9441faf5865b07dac75edb1deff408  C:\WINDOWS\Downloaded Program Files\InstBanr.ocx
MD5: 7277db945e523480c7b23dc718b192c3  C:\WINDOWS\Downloaded Program Files\InstFred.ocx
MD5: 5dcd085ad9edd8b0bd097e3d5748b532  C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe
MD5: c8febea460aad5c1b6817f9676e03f78  C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
MD5: 15a227de3b2434bbdd345d3bf432fd47  C:\WINDOWS\Downloaded Program Files\pmupd806.exe
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6  C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: c85e52e65db0b65586f89ac31d7aa98d  C:\WINDOWS\Downloaded Program Files\RACtrl.dll
MD5: 8876464e526f1f1742d52656fbdf69c7  C:\WINDOWS\Downloaded Program Files\RntX.dll
MD5: 2057258750da5e9f61ee522d5e61ff35  C:\WINDOWS\Downloaded Program Files\sprtexternal.dll
MD5: d39c8355d0587b6a3fd2325da7e2919c  C:\WINDOWS\Downloaded Program Files\SymAData.dll
MD5: f9583cbb3ff35e9bee62019a7a77fe66  C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
MD5: e1102cedf0c818984c2aca2a666d4c5f  C:\WINDOWS\Downloaded Program Files\unicows.dll
MD5: 4c0658e518fa9d08e884db717a7087ae  C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: 860fad57b4668a9f5f350a9d5444ae89  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: ea3af33a9341b88d23fdc20d6ec826fe  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
MD5: 2bac92e8ac5e16ed60062e9141b8d5f6  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: bf88feadc7786ea328bdcc5cb116de89  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 327de7a9766cc9aa302c8d7f3925c8ce  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67  c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f7b835130ea8a6d900ed425cff42e394  c:\windows\srchasst\srchctls.dll
MD5: 36fb831c6bda449730dead22901c7fc0  c:\windows\srchasst\srchui.dll
MD5: 381915766c2a5e47a7db95423ce09a16  C:\WINDOWS\System32\AdobePDF.dll
MD5: 9b2e14f4d66a59306584566a705f8cdd  C:\WINDOWS\system32\bitsprx2.dll
MD5: 97ae3a4180cab360f44f7f03e5e0f409  C:\WINDOWS\system32\bitsprx4.dll
MD5: 0746ce042ac108e82676ac3f12f1873c  C:\WINDOWS\system32\cdral.DLL
MD5: 11212802dedd15934af1268c664f5d63  C:\WINDOWS\system32\CDRTC.DLL
MD5: 582304f6f1946fa5068cf143d729d7ed  C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
MD5: 93afb83fbc1f9443cac722fca63d73bf  C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0  C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006  C:\WINDOWS\system32\corpol.dll
MD5: a90e118f12d355f9946dfb30a8f94609  C:\WINDOWS\System32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b  C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11  C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88  C:\WINDOWS\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad  C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52  C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d  C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac  C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2  c:\windows\system32\dnsrslvr.dll
MD5: 914a9709fc3bf419ad2f85547f2a4832  C:\WINDOWS\System32\DRIVERS\61883.sys
MD5: 11c04b17ed2abbb4833694bcd644ac90  C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9  C:\WINDOWS\System32\drivers\afd.sys
MD5: 2d030c2f6b036ca0bc243e1b16d924d1  C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
MD5: f8e6956a614f15a0860474c5e2a7de6b  C:\WINDOWS\System32\DRIVERS\avc.sys
MD5: f934d1b230f84e1d19dd00ac5a7a83ed  C:\WINDOWS\System32\DRIVERS\bridge.sys
MD5: 2fe6d5be0629f706197b30c0aa05de30  C:\WINDOWS\System32\drivers\BrPar.sys
MD5: 98b46b331404a951cabad8b4877e1276  C:\WINDOWS\System32\DRIVERS\e100b325.sys
MD5: 6e883bf518296a40959131c2304af714  C:\WINDOWS\System32\DRIVERS\el90xbc5.sys
MD5: 4ac51459805264affd5f6fdfb9d9235f  C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
MD5: 4236e014632f4163f53ebb717f41594c  C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys
MD5: 06b7ef73ba5f302eecc294cdf7e19702  C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0  C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 1477849772712bac69c144dcf2c9ce81  C:\WINDOWS\System32\DRIVERS\msdv.sys
MD5: 0109c4f3850dfbab279542515386ae22  C:\WINDOWS\System32\DRIVERS\ndistapi.sys
MD5: 53d5f1278d9edb21689bbbcecc09108d  C:\WINDOWS\System32\DRIVERS\omci.sys
MD5: c90018bafdc7098619a4a95b046b30f3  C:\WINDOWS\System32\DRIVERS\p3.sys
MD5: da86016f0672ada925f589ede715f185  C:\WINDOWS\system32\drivers\pfc.sys
MD5: b5dfb86a6caeae9b2bf3dedb43be6393  C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: 84a24af5ef9f18f441ff28f3a7ce9c62  C:\WINDOWS\system32\drivers\sbaphd.sys
MD5: a0bb2fb6749e357d4342e1eabaaea79e  C:\WINDOWS\system32\drivers\sbapifs.sys
MD5: 1fd538c4feb36b793d2121f20bbdc16f  C:\WINDOWS\system32\drivers\SBREdrv.sys
MD5: 4db526c1d725ba71b301cf9ff883715a  C:\WINDOWS\system32\drivers\sbtis.sys
MD5: 31fd0707c7dbe715234f2823b27214fe  C:\WINDOWS\system32\drivers\smwdm.sys
MD5: e78cd3bb53a208dfab8fc826384307e0  C:\WINDOWS\System32\DRIVERS\sonyhcb.sys
MD5: 610f515fcd95d37f3252e1c250ef8c61  C:\WINDOWS\System32\DRIVERS\sonyhcs.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7  C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: b226f8a4d780acdf76145b58bb791d5b  C:\WINDOWS\system32\drivers\symlcbrd.sys
MD5: bee793d4a059caea55d6ac20e19b3a8f  C:\WINDOWS\System32\DRIVERS\usb8023.sys
MD5: 7b5b44efe5eb9dadfb8ee29700885d23  C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
MD5: eb1f6bab6c22ede0ba551b527475f7e9  C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
MD5: 03ce989d846c1aa81145cb22fcb86d06  C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
MD5: d83bdd5c059667a2f647a6be5703a4d2  C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
MD5: ed968d23354daa0d7c621580c012a1f6  C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
MD5: d738273f218a224c1ddac04203f27a84  C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
MD5: 0052d118995cbab152daabe6106d1442  C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
MD5: 525849b4469de021d5d61b4db9be3a9d  C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
MD5: 589c2bcdb5bd602bf7b63d210407ef8c  C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
MD5: 3bc0b332cac05c40a0c42122a6c4bfc0  C:\WINDOWS\SYSTEM32\DSentry.exe
MD5: f5b754cdea20bbb3a31e16a776ede6d6  c:\windows\system32\ESENT.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7  C:\WINDOWS\system32\feclient.dll
MD5: 328753f4b6578b7c7d931a2310e674c4  C:\WINDOWS\system32\Fxdb.dll
MD5: 2d583e2844fdd592d1629eb6b10e5702  C:\WINDOWS\system32\fxsroute.dll
MD5: 0ce5f8ae9c371a965d17e3f2ed134809  C:\WINDOWS\system32\fxst30.dll
MD5: 1144ef6b4bb72e33b41912ae1ae4f97a  C:\WINDOWS\system32\FXSTIFF.dll
MD5: 00d09bd84554d76671dc18f60ba1dbb9  C:\WINDOWS\system32\hyperxmonnt.dll
MD5: 2c849ef63c0086287e427bf65fc64d09  C:\WINDOWS\system32\ieframe.dll
MD5: b43140c2edc49c4b7c140f1f4e3f6877  C:\WINDOWS\system32\iepeers.dll
MD5: e236ecb439a9e824fab18c49d6526136  C:\WINDOWS\system32\iertutil.dll
MD5: 63e8d944afbeebb243f25c4ed07e74c5  C:\WINDOWS\system32\inetmib1.dll
MD5: b6932761058dc21beaa7a1245b1b20e6  C:\WINDOWS\system32\infosoft.dll
MD5: 1206e36eb45cd0372fa200b3b0bb7841  C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9  C:\WINDOWS\System32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae  C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174  C:\WINDOWS\system32\LangWrbk.dll
MD5: d553fdd22b0961aa4075a5f5def14e75  C:\WINDOWS\system32\LMIport.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7  C:\WINDOWS\System32\logon.scr
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160  C:\WINDOWS\system32\LSASRV.dll
MD5: 74145e1d71e2c5f26c0d2875fd682b8e  C:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe
MD5: af43092e55306659cf366f9b42e4a981  C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485  C:\WINDOWS\System32\MFC42.DLL
MD5: 1e744353bd534405187a404667da3dc3  C:\WINDOWS\system32\mgmtapi.dll
MD5: 69a5adf546505f4c69ef3046bf798b49  C:\WINDOWS\system32\MPRUI.dll
MD5: c5648be5409e0aabda8c9047bac8f603  C:\WINDOWS\system32\msadp32.acm
MD5: 2aee8855ac827608803bb0dee9995c32  C:\WINDOWS\system32\msfeeds.dll
MD5: a9259cd226283cd4f798c00909754a94  C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e  C:\WINDOWS\system32\msi.dll
MD5: e75aa32c6b79c846f5314ca4da92f29e  C:\WINDOWS\system32\msjava.dll
MD5: 943337d786a56729263071623bbb9de5  C:\WINDOWS\System32\mswsock.dll
MD5: 20fd44370267ccd0a64a1b31861c21d2  C:\WINDOWS\system32\netmsg.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74  c:\windows\system32\netshell.dll
MD5: 1414e666316ca7d9823dbd2d4ada5971  C:\WINDOWS\system32\NETUI2.dll
MD5: 5e28284f9b5f9097640d58a73d38ad4c  C:\WINDOWS\SYSTEM32\notepad.exe
MD5: f8f0d25ca553e39dde485d8fc7fcce89  C:\WINDOWS\system32\ntdll.dll
MD5: 06e587f41466569f32beaac7260e8aec  C:\WINDOWS\System32\nwprovau.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014  C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a  C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6  C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6  C:\WINDOWS\system32\OLEAUT32.dll
MD5: f1dac7969c1337af790bd1d981aa780c  C:\WINDOWS\System32\qmgrprxy.dll
MD5: 34ffb6aba2da398bb33422e1e9275ba9  C:\WINDOWS\System32\quartz.dll
MD5: b8ae25c09b8c26ff72820430294e4ef6  C:\WINDOWS\system32\rassapi.dll
MD5: c7c84df7233f4834cd190f3dccaf50ca  C:\WINDOWS\system32\rdpwsx.dll
MD5: d4502f124289a31976130cccb014c9aa  C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594  C:\WINDOWS\system32\rsvpsp.dll
MD5: a645a78fcdabad67067324d7e6cd9f79  C:\WINDOWS\system32\schannel.dll
MD5: f0a0ebf086597e645bc14b0d98f8ba58  C:\WINDOWS\System32\ScrRun.dll
MD5: 26cb10fa893f940ab09713ff46dcdade  C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa  C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf  C:\WINDOWS\system32\SHSVCS.dll
MD5: e238f4d49a5879ee2fc4ad14ff28f6a1  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMIproc.dll
MD5: 60784f891563fb1b767f70117fc2428f  C:\WINDOWS\SYSTEM32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527  c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106  C:\WINDOWS\System32\sti.dll
MD5: d0049860b63dd87a73a5d165c829c65f  C:\WINDOWS\system32\t2embed.dll
MD5: 8357809e111e09393633039769d96281  C:\WINDOWS\system32\tcpmib.dll
MD5: 407bc2813b30bc2f8a341d5091828caa  C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89  c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d  C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431  C:\WINDOWS\System32\vbscript.dll
MD5: 9af7d69ba8e58573721c8b6785db4dc3  C:\WINDOWS\system32\VMHELPER.DLL
MD5: 1d4af8c2d2a57edf055ccd75467a45e8  C:\WINDOWS\System32\vsdatant.sys
MD5: 880f7ed2df24db14af96c6d797958796  C:\WINDOWS\System32\wbem\wbemdisp.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d  C:\WINDOWS\System32\WINHTTP.dll
MD5: f362d50fbdc6e34918df41bde1770e5c  C:\WINDOWS\system32\WININET.DLL
MD5: 4a953f13942867ba8fb41f141ec1b80c  C:\WINDOWS\System32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de  C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366  C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196  C:\WINDOWS\system32\WlNotify.dll
MD5: 6472932f2b6084ea1fb3f7f9493ac640  C:\WINDOWS\System32\wshom.ocx
MD5: 277f3e3333f1d10ca428568197fcce70  C:\WINDOWS\system32\wsnmp32.dll
MD5: fb4ac7969a7cbadb6ea5636ed6163257  C:\WINDOWS\system32\XceedZip.dll
MD5: 7facb452456ef5c053af3ee4b228fe0d  C:\WINDOWS\System32\XPOB2RES.DLL
MD5: 16403217ab6fc5c30c14c6b12098ad4b  C:\WINDOWS\System32\xpsp2res.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.56 KB recvd
Scanned 905 files and modules - 195 seconds

==============================================================================


RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Daniel [Admin rights]
Mode: Scan -- Date: 03/04/2012 22:11:14

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Download ("C:\Documents and Settings\Daniel\Local Settings\Application Data\SupportSoft\ddoctorv2\Daniel\ssGet.exe" 120 "hxxp://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2038766453-2915000045-2127540699-1007[...]\Run : Download ("C:\Documents and Settings\Daniel\Local Settings\Application Data\SupportSoft\ddoctorv2\Daniel\ssGet.exe" 120 "hxxp://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe") -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120026A +++++
--- User ---
[MBR] a383a678cd224af9ca496c06637b93d2
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 114400 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
« Reply #9 on: March 05, 2012, 07:23:01 am »

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.

  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
    Click Advanced Tab. Expand the Miscellaneous item.
    UN-check the line Java quick starter

    Press Apply then OK.  Close the applet when done.

    To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
    When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.



    Step 2
    Disable your AntiVirus and AntiSpyware applications (GFI-VIPRE), usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Do NOT turn off the firewall

    Using Internet Explorer browser only, go to ESET Online Scanner website:
    {Windows 7 & Vista users should start IE by Start  >> Internet Explorer >> Right-Click and select Run As Administrator.}
    • Press the "ESET Online scanner" button
    • Check the I accept the terms box. Accept the Terms of Use and press Start button;

    • Approve the install of the required ActiveX Control, then follow on-screen instructions;
    • Un-check the Remove found threats option.

    • Checkmark Scan Archives option.

    • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology

    click Scan.

    • After the scan completes, the Details tab in the Results window will display what was found and removed.
      • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
      Look at contents of this file using Notepad or Wordpad.

      The Frequently Asked Questions for ESET Online Scanner can be viewed here
      http://www.eset.com/onlinescan/cac4.php?page=faq

      • From ESET Tech Support:  If you have ESET NOD32 installed, you should disable it prior to running this scanner. 

      Otherwise the scan will take twice as long to do: 
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)   

    • If you use Firefox, you have to install IETab, an add-on.  This is to enable ActiveX support.
     
    After the scan is done, re-enable your antivirus program.

    Reply with copy of the Eset scan log.
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline holeinshoe

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
    « Reply #10 on: March 06, 2012, 07:30:00 pm »
    I have tried to uninstall all of the Java versions listed, but one part does not have a "change/remove" option.  Do you have any suggestions for doing that?

    I have installed the current Java program.

    Here is the log from the ESET scan-

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e113e3d7e9a54e4dabff5af9888a169a
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-03-06 02:42:38
    # local_time=2012-03-05 09:42:38 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=258 16777085 20 2 6248831 6248831 0 0
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 0 4 179366556 179366556 0 0
    # scanned=10051
    # found=0
    # cleaned=0
    # scan_time=929
    esets_scanner_update returned -1 esets_gle=53251
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e113e3d7e9a54e4dabff5af9888a169a
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-03-06 03:32:03
    # local_time=2012-03-05 10:32:03 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=258 16777085 20 2 6251059 6251059 0 0
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 0 4 179368784 179368784 0 0
    # scanned=47913
    # found=1
    # cleaned=0
    # scan_time=1668
    C:\Anderson Folder\downloads\ServUSetup.exe   multiple threats (unable to clean)   00000000000000000000000000000000   I
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e113e3d7e9a54e4dabff5af9888a169a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-03-06 09:00:49
    # local_time=2012-03-06 04:00:49 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=258 16777085 20 2 6252960 6252960 0 0
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 0 4 179370685 179370685 0 0
    # scanned=177975
    # found=1
    # cleaned=0
    # scan_time=19479
    C:\Anderson Folder\downloads\ServUSetup.exe   multiple threats (unable to clean)   00000000000000000000000000000000   I

    Thanks

    H
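
As an added illustration (not part of the thread and not ESET's own tooling), the following Python splits a log like the one posted in Reply #10 into its scan sessions and reports what the last completed scan found but did not clean. The meanings of `end`, `found` and `cleaned` are inferred from their names, and the sample is a constructed, trimmed copy of that log.

```python
import re

# Constructed sample: trimmed from the three scan sessions in the log above
# (detection columns assumed to be separated by tabs or runs of 2+ spaces).
SAMPLE_LOG = r"""# version=7
# end=stopped
# scanned=10051
# found=0
# cleaned=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# scanned=47913
# found=1
# cleaned=0
C:\Anderson Folder\downloads\ServUSetup.exe   multiple threats (unable to clean)   00000000000000000000000000000000   I
# version=7
# end=finished
# scanned=177975
# found=1
# cleaned=0
C:\Anderson Folder\downloads\ServUSetup.exe   multiple threats (unable to clean)   00000000000000000000000000000000   I
"""

def parse_sessions(text):
    """Split the log into scan sessions; a '# version=' line starts a new one."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"#\s*(\w+)=(.*)", line)
        if m:
            key, value = m.groups()
            if key == "version" or not sessions:
                sessions.append({"meta": {}, "detections": []})
            sessions[-1]["meta"][key] = value
        elif sessions and re.match(r"[A-Za-z]:\\", line):
            cols = re.split(r"\t+|\s{2,}", line)  # path, verdict, hash, flag
            sessions[-1]["detections"].append((cols[0], cols[1]))
    return sessions

def open_findings(sessions):
    """Files reported by the last completed scan that were not cleaned."""
    done = [s for s in sessions if s["meta"].get("end") == "finished"]
    if not done:
        return None  # no scan ran to completion; any results are partial
    last = done[-1]
    found, cleaned = int(last["meta"]["found"]), int(last["meta"]["cleaned"])
    return last["detections"] if found > cleaned else []
```

Sessions marked `end=stopped` are skipped when deciding what is still open, because an interrupted scan covers only part of the disk.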

    Offline Maurice Naggar

    • Malware Removal Staff
    • Silver Member
    • Posts: 1151
    Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
    « Reply #11 on: March 07, 2012, 07:01:50 am »
    You need to tell me just "which" Java you had an issue with.  And we can address that later.
    For now, I'll have you run one tool and one report utility.

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Do NOT turn off the firewall

    If you have a prior copy of Combofix, delete it now !

    Have infinite patience during the run & scan by Combofix. It has many phases:  some 50+ stages
    It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
    You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
    Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

    If this is on a notebook system, make sure first the notebook is connected to wall-power  (AC power)


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

    Link 1

    Link 2







    * IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
    If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


    • Double click on Combo-Fix.exe & follow the prompts.


    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




    Click on Yes, to continue scanning for malware.

    Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
    -------------------------------------------------------

    A caution - Do not run Combofix more than once.
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
    If this occurs, please reboot to restore the desktop. 

    RE-Enable your AntiVirus and AntiSpyware applications.

    Download Security Check by screen317 and save it to your Desktop: here or here
    • Run Security Check
    • Follow the onscreen instructions inside of the command window.
    • A Notepad document should open automatically called checkup.txt; close Notepad.  We will need this log, too, so remember where you've saved it!
    If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

    Then copy/paste the following into your post (in order):
    • the contents of C:\Combofix.txt  and Checkup.txt
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline holeinshoe

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
    « Reply #12 on: March 09, 2012, 12:03:05 am »
    My computer crashed while running the Combofix.  A warning screen stated that a physical memory dump occurred (if I remember correctly).   I am wondering about re-running the Combofix at this point, but you said "Do not run Combofix more than once" in your previous post.  What should I do next?

    Offline Maurice Naggar

    • Malware Removal Staff
    • Silver Member
    • Posts: 1151
    Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
    « Reply #13 on: March 09, 2012, 05:44:21 am »
    Regarding the Combofix run attempt:
    Did you turn off the GFI/Vipre anti-virus before the Combofix run?
    Did you happen to notice how far C-F had got before "the computer crashed"?   Maybe you had noticed which phase number it was on?

    At the very start you noted:
    "Over the past weekend my A/V kept a program from opening that it said was a trojan.  It said that "this is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability."  Every half-hour the same warning popped up.  I ran spybot last night and fixed  some items that it said need attention.  Since then no A/V notifications have shown up."

    a) Trojan.Win32.Generic!SB.0 infection is described by GFI Labs as follows
    "Trojan.Win32.Generic!SB.0 is the generic detection for password-stealing Trojan horse programs that install keyloggers which record keystrokes and send the data to the malicious operators who distributed the malware."

    b) According to the information provided, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    You are strongly advised to do the following immediately.
    1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
     
    2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
     
    3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
    * Take any other steps you think appropriate for an attempted identity theft.

    You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

    I suggest that you backup important files and reinstall everything from scratch.


    Here is some additional information:

    What Is A Backdoor Trojan?

    Danger: Remote Access Trojans

    Consumers – Identity Theft

    When should I re-format? How should I reinstall?

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Rootkits: The Obscure Hacker Attack

    Help: I Got Hacked. Now What Do I Do?

    Help: I Got Hacked. Now What Do I Do? Part II

    Microsoft Says Recovery from Malware Becoming Impossible

    However, if you do not have the resources to reformat your computer and reinstall your operating system and programs  and would like me to attempt to clean it, I will be happy to do so.

    Should you have any questions, please feel free to ask.
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline holeinshoe

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Trojan.Win32.Generic!SB.0 infection
    « Reply #14 on: March 10, 2012, 09:31:21 pm »
    Regarding running the Combo Stoppage, I was here during the beginning stages of its scan and had turned off the AV until restart.  It was taking a LOOOOOOONNNNGGGG time to run, but needing some shut-eye, I left it to run on its own.  I looked at it the next day, it had progressed to stage (or was it phase) 3 of the scan I think, and the computer was running really slow.   Then the crash occurred.   I did not check the AV program to see whether it was still off line at that time.  Of course, after I started the computer back up it was on.

    I appreciate your advice/warning concerning this infection.  Makes me wonder what firewall/antivirus program would have protected my computer.  You might not be able to answer this question, but does the fact that my AV stopped a *.exe file from operating give me any hope that info has not been passed on and that the Trojan was stopped before doing any damage?

    Thanks for your help.