hj log + malware

alex12345

New Member
can anyone find smth or is it time to get a new computer?


Malwarebytes' Anti-Malware 1.41
Database version: 2887
Windows 5.1.2600 Service Pack 2

6/10/2009 8:34:37 AM
mbam-log-2009-10-06 (08-34-37).txt

Scan type: Quick Scan
Objects scanned: 113868
Time elapsed: 15 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:21 AM, on 6/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1078081533-2111687655-854245398-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1078081533-2111687655-854245398-500 Startup: Reboot.exe (User 'Administrator')
O4 - S-1-5-21-1078081533-2111687655-854245398-500 User Startup: Reboot.exe (User 'Administrator')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143243688453
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9644 bytes
 
Telling us what you think the problem is might help us determine what's wrong. We need to know what issues you are having. Is this an old system?
 
sorry john, i should have said i notice my computer running pathetically slowly at times. it takes 20 sec to open a folder or open the address bar.
malware bytes recently gave me a false positive on some applications, which i deleted b4 i learned they weren't malware.
can malware bytes restore them, apparently they were internet related program files?
would cleaning out the heating fan help my CPU work faster?
it's just frustrating trying to do work and the computer doesn't respond to my commands.

comp stats
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name RAD2400
System Manufacturer AWARD_
System Model AWRDACPI
System Type X86-based PC
Processor x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2399 Mhz
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 5/11/2004
SMBIOS Version 2.2
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name RAD2400\owner
Time Zone AUS Eastern Daylight Time
Total Physical Memory 1,280.00 MB
Available Physical Memory 491.29 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.81 GB
Page File C:\pagefile.sys


Is my computer just extremely lazy?
 
Startup Malwarebytes again and update it (your definitions are old)
Run a Full scan
Remove all found Malwares at the end of the scan

Upgrade your Java Version here: http://java.com/en/download/inc/windows_upgrade_ie.jsp
Once installed, download >> JavaRa
After selecting "English" language, then select "Remove Older Versions"

Uninstall Spybot S&D and Registry Mechanic

Run HJT again (scan only)
And place a check (tick) next to the following and press Fix:
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-21-1078081533-2111687655-854245398-500 Startup: Reboot.exe (User 'Administrator')
O4 - S-1-5-21-1078081533-2111687655-854245398-500 User Startup: Reboot.exe (User 'Administrator')
Close HJT

Restart

Download this Hosts file: http://mvps.org/winhelp2002/hosts.zip
Unzip, then run MVPS.bat

Then. Start > Run > services.msc
  • Scroll down to "DNS Client", Right-click and select: Properties
    Click the drop-down arrow for "Startup type"
    Select: Manual click Apply/Ok
  • Scroll down to "Help and Support", Right-click and select: Properties
    Click the drop-down arrow for "Startup type"
    Select: Manual click Apply...
    Then click on the Recovery Tab (still in "Help and Support" service)
    Change the 3 failure boxes to "Take No Action"
    Click Apply > OK
Close Services Window

Then Start > Run > CHKDSK /R (note: 1 space before "/") >OK
Type "Y" (without the quotes)
Close the command window

Restart
Your computer will automatically run a Check Disk, do not press any keys
Your computer may restart once more at the end of the scan

Once started again
Download and run CCleaner, to clean out all temp files
Then (still in CCleaner) click on the large "Registry" button
Click on "Scan for issues" then Fix all found issues (backup not required)
Run "Scan for issues" and "Fix" another two more times (it takes about 3 times, to get it all ;))
Close CCleaner

Go to Start > Run > Control Panel > Scheduled Tasks
Right click on any tasks and remove (delete) all tasks
Close Scheduled Tasks window

Open IE > Tools > Internet Options > Advanced > Reset
Restart IE
Go to MS and do all Windows updates (including SP3 and IE8)

Download Combofix, direct link here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus or just allow the process to run (ie if Avira pops up with a warning just allow Combofix to run)
Combofix will save a log file to C:\Combofix folder, please attach this log to a new reply.

Then Start > Run > Combofix /u (to uninstall it)

Download >> Smart Defrag
Install, but remove the two ticks on Yahoo, during installation
Once installed, click on "Schedule" button, and remove "Enable Schedule" check mark
Click on "Options" button, and remove "Auto start with Windows"
Apply > OK
Then run a "Deep Optimize" (note this part may take a while, possibly 2 hours, you may want to turn off Internet (modem) and also stop any screen saver)

Restart

You should be fine from there ;)
 
thank you Kimsland for your instruction, i'm just about to start, i guess i'll get back to you in 24hrs when i've done what you recommended.
greatly appreciated!
Alexander
 
Finished!!
i'm quite sure i did everything word for word.
The programs you mentioned, that i downloaded seem very interesting, should i use them every once in a while or will i kill my computer trying? MVPS.bat, CHKDSK, CCleaner, Scheduled Tasks, Combofix and Smart Defrag?

this is ComboFix.exe report

ComboFix 09-10-06.04 - owner 08/10/2009 0:17.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.725 [GMT 11:00]
Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{3CB8A~1
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\4b8d81c.msp
c:\windows\Installer\4c02aaf.msp
c:\windows\Installer\4c8d3a.msp
c:\windows\Installer\4dfb61.msp
c:\windows\Installer\4fb15.msp
c:\windows\Installer\4fce2df.msp
c:\windows\Installer\50779ee.msp
c:\windows\Installer\50a3c89.msp
c:\windows\Installer\50b52.msp
c:\windows\Installer\50bcf3f.msp
c:\windows\Installer\5168d.msp
c:\windows\Installer\517ff5d.msp
c:\windows\Installer\51804.msp
c:\windows\Installer\51a58c.msp
c:\windows\Installer\51c75b2.msp
c:\windows\Installer\51db1.msp
c:\windows\Installer\51e84ad.msp
c:\windows\Installer\527e2.msp
c:\windows\Installer\52850.msp
c:\windows\Installer\52c86.msp
c:\windows\Installer\52c9c.msp
c:\windows\Installer\52ca94.msp
c:\windows\Installer\52dbe.msp
c:\windows\Installer\52f35.msp
c:\windows\Installer\53c938.msp
c:\windows\Installer\540016.msp
c:\windows\Installer\544b161.msp
c:\windows\Installer\5481b09.msp
c:\windows\Installer\55ec1.msp
c:\windows\Installer\56bb2.msp
c:\windows\Installer\56e13.msp
c:\windows\Installer\56f644.msp
c:\windows\Installer\5768f.msp
c:\windows\Installer\577e60.msp
c:\windows\Installer\57b52.msp
c:\windows\Installer\57d65.msp
c:\windows\Installer\582b4.msp
c:\windows\Installer\5b9758.msp
c:\windows\Installer\5bd7d16.msp
c:\windows\Installer\5da5a.msp
c:\windows\Installer\5e177c7.msp
c:\windows\Installer\5e8b2.msp
c:\windows\Installer\5f17a0.msp
c:\windows\Installer\5f3cd.msp
c:\windows\Installer\5f554.msp
c:\windows\Installer\5fe2e.msp
c:\windows\Installer\60070.msp
c:\windows\Installer\60e57e0.msp
c:\windows\Installer\61075b.msp
c:\windows\Installer\615c7bf.msp
c:\windows\Installer\61e29ed.msp
c:\windows\Installer\62bd96.msp
c:\windows\Installer\65e30.msp
c:\windows\Installer\6692c.msp
c:\windows\Installer\69e5ae.msp
c:\windows\Installer\6a9ba0.msp
c:\windows\Installer\6ae82.msp
c:\windows\Installer\6b5ef32.msp
c:\windows\Installer\6ba213.msp
c:\windows\Installer\6bc8c.msp
c:\windows\Installer\6c7f73.msp
c:\windows\Installer\7066b8.msp
c:\windows\Installer\7156a.msp
c:\windows\Installer\728ed7.msp
c:\windows\Installer\72b1d1.msp
c:\windows\Installer\734e20.msp
c:\windows\Installer\749bde.msp
c:\windows\Installer\74d184.msp
c:\windows\Installer\754adb.msp
c:\windows\Installer\76119.msp
c:\windows\Installer\76772.msp
c:\windows\Installer\772d75.msp
c:\windows\Installer\77e7fb.msp
c:\windows\Installer\799202.msp
c:\windows\Installer\7a8c1.msp
c:\windows\Installer\7ab7d5.msp
c:\windows\Installer\7b0161.msp
c:\windows\Installer\7b4a70.msp
c:\windows\Installer\7d4ff4.msp
c:\windows\Installer\7de77.msp
c:\windows\Installer\7ee26.msp
c:\windows\Installer\7ee838.msp
c:\windows\Installer\7f8c5.msp
c:\windows\Installer\804cc9.msp
c:\windows\Installer\8180b5.msp
c:\windows\Installer\83215.msp
c:\windows\Installer\83adf.msp
c:\windows\Installer\83b5a6.msp
c:\windows\Installer\844b91a.msp
c:\windows\Installer\84abd.msp
c:\windows\Installer\864be.msp
c:\windows\Installer\87dbf7.msp
c:\windows\Installer\88229.msp
c:\windows\Installer\889f38.msp
c:\windows\Installer\88b31.msp
c:\windows\Installer\8a8712.msp
c:\windows\Installer\8c27e.msp
c:\windows\Installer\8d1261.msp
c:\windows\Installer\8db6cf.msp
c:\windows\Installer\8e40f.msp
c:\windows\Installer\8f6cc.msp
c:\windows\Installer\8f8507.msp
c:\windows\Installer\9103a8.msp
c:\windows\Installer\9148b0.msp
c:\windows\Installer\91ca4.msp
c:\windows\Installer\93cde.msp
c:\windows\Installer\94f8b.msp
c:\windows\Installer\95306.msp
c:\windows\Installer\9540f.msp
c:\windows\Installer\95a78.msp
c:\windows\Installer\978275.msi
c:\windows\Installer\98512.msp
c:\windows\Installer\996cdb.msp
c:\windows\Installer\997b90.msp
c:\windows\Installer\99ad2f.msp
c:\windows\Installer\99b1b.msp
c:\windows\Installer\99b5f9.msp
c:\windows\Installer\9aaf9c.msp
c:\windows\Installer\9c8d2.msp
c:\windows\Installer\9dcc7.msp
c:\windows\Installer\a035cb.msp
c:\windows\Installer\a12098.msp
c:\windows\Installer\a2daeb.msp
c:\windows\Installer\a2f3b2.msp
c:\windows\Installer\a31fc.msp
c:\windows\Installer\a38582.msp
c:\windows\Installer\a74b2.msp
c:\windows\Installer\a89d29.msp
c:\windows\Installer\ab52a4.msp
c:\windows\Installer\acc791.msp
c:\windows\Installer\ad334b.msp
c:\windows\Installer\ad79ab.msp
c:\windows\Installer\af3584.msp
c:\windows\Installer\b17ddd.msp
c:\windows\Installer\b2d2af.msp
c:\windows\Installer\b45344.msp
c:\windows\Installer\b4986c.msp
c:\windows\Installer\b6075d.msp
c:\windows\Installer\b67ecf.msp
c:\windows\Installer\bb61b.msp
c:\windows\Installer\bbdb5e.msp
c:\windows\Installer\be4c2f.msp
c:\windows\Installer\c0e1fd.msp
c:\windows\Installer\c136f3.msp
c:\windows\Installer\c1831.msp
c:\windows\Installer\c4348.msp
c:\windows\Installer\c474a9.msp
c:\windows\Installer\c4818a.msp
c:\windows\Installer\c4fb6d.msp
c:\windows\Installer\c655ae.msp
c:\windows\Installer\c76190.msp
c:\windows\Installer\c81dac.msp
c:\windows\Installer\c9b767.msp
c:\windows\Installer\ca815e.msp
c:\windows\Installer\cdba32.msp
c:\windows\Installer\d1405c.msp
c:\windows\Installer\d3466d.msp
c:\windows\Installer\d37741.msp
c:\windows\Installer\d398f2.msp
c:\windows\Installer\d43e1b.msp
c:\windows\Installer\d498c.msp
c:\windows\Installer\d65f93.msp
c:\windows\Installer\d6d540.msp
c:\windows\Installer\d774dc.msp
c:\windows\Installer\d8232d.msp
c:\windows\Installer\d8ec97.msp
c:\windows\Installer\db6e70.msp
c:\windows\Installer\e23d0d.msp
c:\windows\Installer\e26ec.msp
c:\windows\Installer\e35321.msp
c:\windows\Installer\e3d39b.msp
c:\windows\Installer\e4ce95.msp
c:\windows\Installer\e5287d.msp
c:\windows\Installer\e647e7.msp
c:\windows\Installer\e6c93c.msp
c:\windows\Installer\e767fd.msp
c:\windows\Installer\e97050.msp
c:\windows\Installer\eb749c.msp
c:\windows\Installer\ec2ee.msp
c:\windows\Installer\ee8269.msp
c:\windows\Installer\eea487.msp
c:\windows\Installer\eec945.msp
c:\windows\Installer\ef6017.msp
c:\windows\Installer\f1d935.msp
c:\windows\Installer\f231e4.msp
c:\windows\Installer\f2bbe4.msp
c:\windows\Installer\f3734d.msp
c:\windows\Installer\f41a0d.msp
c:\windows\Installer\faf656.msp
c:\windows\Installer\fba032.msp
c:\windows\Installer\fbcee4.msp
c:\windows\Installer\fd43b1.msp
c:\windows\Installer\fda809.msp
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\wpd99.drv
 
Infected copy of c:\windows\system32\autochk.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\autochk.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 06:30 . 2009-10-07 06:30 -------- d-----w- c:\program files\CCleaner
2009-10-05 16:16 . 2009-10-05 16:31 17200624 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-10-05 16:16 . 2009-10-05 16:16 8406648 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-10-05 16:11 . 2009-10-05 16:12 10309448 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-10-05 16:06 . 2009-10-05 16:06 64000 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-05 16:06 . 2009-10-05 16:06 52288 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-05 16:06 . 2009-10-05 16:06 50688 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-05 16:06 . 2009-10-05 16:06 114688 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-14 09:07 . 2009-07-21 10:21 38208 ----a-w- c:\documents and settings\owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-14 09:07 . 2009-09-14 09:07 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\NOS
2009-09-14 09:06 . 2009-09-14 09:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-14 09:01 . 2009-09-14 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 09:01 . 2009-09-14 09:01 -------- d-----w- c:\program files\NOS
2009-09-10 00:35 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:31 . 2009-01-20 10:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 00:29 . 2009-09-06 13:08 152576 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-06 18:58 . 2009-02-15 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-06 18:53 . 2006-01-12 14:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 18:51 . 2006-01-12 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 14:40 . 2008-04-20 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-05 16:05 . 2008-05-04 21:36 488968 ----a-w- c:\documents and settings\owner\Application Data\Real\Update\setup\setup.exe
2009-10-05 15:57 . 2008-03-06 10:43 2608 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 00:48 . 2009-08-04 13:36 -------- d-----w- c:\documents and settings\owner\Application Data\Tinn-R
2009-09-17 01:47 . 2008-10-16 09:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 10:15 . 2005-05-14 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 03:55 . 2005-05-03 13:11 52288 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 04:46 . 2009-02-08 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 04:54 . 2008-10-16 09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 04:53 . 2008-10-16 09:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 07:03 . 2007-01-10 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-08 07:03 . 2006-11-30 03:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-09-07 07:13 . 2009-09-07 07:13 -------- d-----w- c:\program files\Nitro PDF
2009-09-07 07:11 . 2009-09-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-09-07 07:07 . 2009-09-07 07:07 -------- d-----w- c:\documents and settings\owner\Application Data\pdf995
2009-09-07 06:59 . 2009-09-07 06:59 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-07 06:59 . 2009-09-07 06:59 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-07 06:59 . 2009-09-07 06:59 -------- d-----w- c:\program files\pdf995
2009-09-06 14:03 . 2006-02-14 06:12 -------- d-----w- c:\program files\Java
2009-09-06 09:03 . 2005-09-04 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-06 04:43 . 2007-10-09 08:07 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-04 12:47 . 2009-09-04 12:47 -------- d-----w- c:\program files\Trend Micro
2009-09-01 15:12 . 2008-03-19 01:24 -------- d-----w- c:\program files\Safari
2009-09-01 15:08 . 2009-09-01 15:08 -------- d-----w- c:\program files\iTunes
2009-09-01 15:08 . 2009-09-01 15:08 -------- d-----w- c:\program files\iPod
2009-09-01 15:08 . 2007-09-10 08:41 -------- d-----w- c:\program files\Common Files\Apple
2009-09-01 15:05 . 2005-06-18 13:02 -------- d-----w- c:\program files\QuickTime
2009-08-17 00:37 . 2009-08-17 00:37 -------- d-----w- c:\program files\MSBuild
2009-08-17 00:37 . 2009-08-17 00:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 00:31 . 2009-08-17 00:31 -------- d-----w- c:\program files\MSXML 6.0
2009-08-06 08:24 . 2005-05-03 12:59 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 08:24 . 2005-05-03 12:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 08:24 . 2005-05-25 18:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 08:24 . 2005-05-12 22:23 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 08:24 . 2004-09-11 19:38 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 08:24 . 2002-08-29 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 08:23 . 2005-05-03 12:59 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 08:23 . 2006-03-25 00:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 08:23 . 2005-05-25 17:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 08:23 . 2004-09-11 19:38 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2005-05-03 12:59 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-04-25 08:15 . 2006-11-21 04:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-17 1228800]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-13 99840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2006-03-01 684032]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2005-05-16 40960]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2006-02-23 57344]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-13 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Reboot.exe [2002-8-20 432128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^V-Gear TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\V-Gear TV Remote Control.lnk
backup=c:\windows\pss\V-Gear TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^owner^Start Menu^Programs^Startup^BEE Service.lnk]
path=c:\documents and settings\owner\Start Menu\Programs\Startup\BEE Service.lnk
backup=c:\windows\pss\BEE Service.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MGABGEXE"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c98d3f3d9daa2e"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 1:00 PM 277504]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6/09/2007 9:15 PM 5504]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/05/2005 11:30 PM 450400]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [6/03/2008 9:31 PM 217728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [29/08/2002 11:00 PM 14336]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [6/03/2008 9:34 PM 11264]
S4 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/11/2006 3:29 PM 29744]
S4 gupdate1c98d3f3d9daa2e;Google Update Service (gupdate1c98d3f3d9daa2e);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 5:25 AM 133104]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [3/04/2006 7:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 09:32]

2009-10-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 08:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\qs5tqu8s.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 00:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9DC9D7B-C910-F338-816B-BD30707E62BE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaidacmhehhbcepokm"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00
"haochlblafkmdjkk"=hex:6b,61,66,6b,68,68,63,66,66,61,6d,66,67,6d,66,6b,6c,6e,
6a,62,62,61,00,00

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.1\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:a8,00,ba,00,b1,00,a1,00,b6,00,1f,00,6f,00,e3,00,ca,00,76,00,
4a,00,d3,00,21,00,b8,00,d3,00,ee,00,bb,00,a1,00,ff,00,19,00,bd,00,e4,00,60,\

[HKEY_LOCAL_MACHINE\software\VSN International\GenStat\Version 9.2\License\Trial Data* VSN International Ltd.*]
"Hidden Value"=hex:b6,00,58,00,cc,00,0d,00,ea,00,83,00,7a,00,dd,00,c2,00,c6,00,
88,00,9e,00,21,00,c6,00,98,00,31,00,f1,00,fb,00,fc,00,07,00,10,00,15,00,4a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PDesk\PDKERNEL.DLL
c:\windows\system32\PDesk\PDTOOLS.DLL
c:\windows\system32\PDesk\PDRESENG.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2009-10-07 0:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 13:44

Pre-Run: 67,741,810,688 bytes free
Post-Run: 68,419,436,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

987 --- E O F --- 2009-10-06 16:01
 
Finished!!
I'm quite sure I did everything word for word.
The programs you mentioned, that I downloaded, seem very interesting. Should I use them every once in a while or will I kill my computer trying? MVPS.bat, CHKDSK, CCleaner, Scheduled Tasks, Combofix and Smart Defrag?

this is ComboFix.exe report
Looking at the parts I put in Bold first ;)

I said "ATTACH", I even put a little Attach pic >
attach.gif

This huge pasted log you have put in (two replies) is very difficult to read (unless I copy it all and then paste it to Notepad myself)
Oh well, but you did say "word for word"

Yes those programs can be used again, but:
  • MVPS: This program updates around ~ once a month, even if you don't update it, it won't really matter (as you are already being protected from many ads online, with this current one)
    ie: Just check the site once in a while, the current Hosts file (on the site) is dated: Sept-02-2009 (which is pretty good)
  • CHKDSK: Actually, the main reason your files get "crosslinked" or corrupted requiring this tool; is when your computer does get shut down normally (which happens a lot on these Malware issues)
    If you shutdown normally, then you shouldn't need to use it for another ~ 6 months
  • CCleaner: I'll be truthful, I run this everyday (just the cleaner part) The Registry part I only run when a program install or uninstall corrupts or something similar
  • Scheduled Tasks: Periodically check "Scheduled Tasks" (say on every new program install)
    Even the free Defrag program I gave (linked) to you, created a Scheduled Task, but I then stated to remove the tick in the program, so you wouldn't have seen it
  • Combofix: This program should be used and then uninstalled (as I've stated to do)
    The problem is, Combofix updates regularly, and if you have the old version (or last updated version) still installed, it won't work properly
    This program is also very very critical, you should not quote it to others to "try this" or anything. Depending upon the fault and User's filesystem, Combofix can corrupt all Windows files! (I confirmed yours was ok to use) Therefore don't use this one again, unless advised by a specialized malware helper
  • Smart Defrag: This program can be used when you do large file moves, or big installs/uninstalls, or say every 3 months or so.
    It works fantastically (as you probably noticed) the first time you use it
    After that, it doesn't usually show big big improvements.

Now, your log :)

It was pretty badly infected, and the reason for this infection?
>>>>>>>>>> LIMEWIRE

As you are using File Sharing program(s), you will likely get re-infected again
I discussed "Limewire" HERE, basically if you continue using "File Sharing" programs then you'll be back again and again, with Malware infection (depending upon your downloading habits - and I'm certain that yours are not good)

Please uninstall Limewire, to make your system more protected from getting Malware (it's not even the best of the worst FileShare programs anyway)
If you decide to continue using this type of program, most Malware removal specialists will not help you.

The safest way to use these types of programs is on a Linux distro. Or even "Ubuntu Live Boot CD", which is free to download. Windows is not good with these FileShare programs, and will always be on the borderline of Malware infections


Oh, you forgot to say if all seems well now, and if it's running ok now? :)
 