I think I have some sort of virus/malware. Ran ComboFix and it generated the following log. Any assistance would be greatly appreciated. Thanks in advance.

ComboFix 09-11-03.01 - Edward Michaels 11/03/2009 18:20.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.667 [GMT -5:00]
Running from: c:\documents and settings\Edward Michaels\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\patch.exe
c:\windows\run.log

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-03 19:03 . 2009-11-03 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 19:00 . 2009-11-03 19:00 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 19:00 . 2009-11-03 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-30 23:49 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-30 16:21 . 2009-10-30 16:21 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\Malwarebytes
2009-10-30 16:21 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 16:21 . 2009-10-30 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 16:21 . 2009-10-30 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 16:21 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 17:37 . 2009-10-29 17:37 -------- d-----w- c:\documents and settings\Edward Michaels\dwhelper
2009-10-21 14:15 . 2009-10-21 14:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 14:06 . 2009-10-21 14:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-16 03:03 . 2009-10-16 03:04 -------- d-----w- c:\program files\CyberScrub Privacy Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 23:18 . 2004-12-23 03:00 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-11-03 23:18 . 2004-12-23 03:00 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-11-03 23:13 . 2008-11-30 18:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 19:06 . 2009-11-03 19:05 560 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-11-03 19:05 . 2009-11-03 19:05 656 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:39 . 2005-06-23 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-21 22:04 . 2008-12-01 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 21:51 . 2009-09-06 23:39 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\DVD Flick
2009-10-16 03:04 . 2005-06-06 23:01 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\CyberScrub
2009-09-24 22:43 . 2009-09-24 21:38 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\Move Networks
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 23:39 . 2009-09-06 23:39 -------- d-----w- c:\program files\DVD Flick
2009-09-06 23:26 . 2007-11-02 17:51 -------- d-----w- c:\program files\DivX
2009-09-06 23:25 . 2009-09-06 23:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-06 21:18 . 2004-12-23 02:57 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 23:52 . 2009-01-30 00:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-22 23:52 . 2008-11-30 07:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 23:52 . 2008-11-30 07:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2004-08-10 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-05-24 15:28 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-10 11:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 11:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-02-03 23:11 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-10 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-01 15:50 . 2008-02-01 15:47 24 --sh--w- c:\windows\SC60F1302.tmp
2009-01-10 01:29 . 2008-11-30 22:59 172924960 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Privacy Suite RiskMonitor"="c:\program files\CyberScrub Privacy Suite\Launch.exe" [2008-07-29 45192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2005-6-22 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 23:52 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [11/30/2008 2:54 AM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/29/2009 7:02 PM 297752]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\SYSTEM32\DRIVERS\sus2pl.sys [8/18/2006 11:20 PM 43392]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: bitdefender.com
FF - ProfilePath - c:\documents and settings\Edward Michaels\Application Data\Mozilla\Firefox\Profiles\cacqilln.Default User\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Edward Michaels\Application Data\Move Networks\plugins\npqmp071503000010.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-zzzHPSETUP - D:\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 18:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\12133444-BF36-4d4e-B7FB-A3424C645DE4]
@DACL=(02 0000)
@SACL=
"DisplayName"="GemMaster Mystic"
"UninstallString"="\"c:\\Program Files\\GemMaster\\uninstallgemmaster.exe\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver]
@DACL=(02 0000)
"DisplayName"="ATI Display Driver"
"UninstallString"="rundll32 c:\\WINDOWS\\system32\\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean"
"DisplayVersion"="8.051-040825a-017826C-Dell"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\AudioHQ]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{FD851F7E-F887-405D-9E1C-488811113EF3}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{FD851F7E-F887-405D-9E1C-488811113EF3}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\B3EE3001-DC24-4cd1-8743-5692C716659F]
@DACL=(02 0000)
@SACL=
"DisplayName"="Otto"
"UninstallString"="\"c:\\Program Files\\EnglishOtto\\uninstallotto.exe\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource]
@DACL=(02 0000)
"PRODUCT_GUID"="{56F3E1FF-54FE-4384-A153-6CCABA097814}"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{7A900EAB-DA37-4554-AF19-9C337476D05D}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{7A900EAB-DA37-4554-AF19-9C337476D05D}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource DVD-Audio Player]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{169F8893-C1C5-4847-972C-EA1E008112AC}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{169F8893-C1C5-4847-972C-EA1E008112AC}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Go!]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{67AEFC4C-69E4-11D7-85F4-00E018013273}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{67AEFC4C-69E4-11D7-85F4-00E018013273}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{AC157741-3285-4D6A-B934-9174587A3493}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{AC157741-3285-4D6A-B934-9174587A3493}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics_Audigy2]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9154ED7C-926E-49CC-B677-0CF3C5267457}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9154ED7C-926E-49CC-B677-0CF3C5267457}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\DTS Console]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\EAX]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\EQUALIZER]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ESPNMotion]
@DACL=(02 0000)
@SACL=
"DisplayName"="ESPNMotion"
"UninstallString"="c:\\PROGRA~1\\ESPNMO~1\\UNWISE.EXE /u c:\\PROGRA~1\\ESPNMO~1\\INSTALL.LOG"
"DisplayVersion"="2.1.6.0011"
"Publisher"="ESPN Internet Ventures"
"DisplayIcon"="c:\\PROGRA~1\\ESPNMO~1\\espn.ico,-0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}]
@DACL=(02 0000)
"UninstallString"="c:\\Program Files\\Common Files\\InstallShield\\Driver\\8\\Intel 32\\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033 "
"DisplayName"="Broadcom Advanced Control Suite 2"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{2E086814-7392-4E0F-ADB8-54A81E47406C}\\Setup.ilg"
"Comments"="Broadcom Advanced Control Suite 2 (BACS) "
"Contact"="Dell Customer Support"
"DisplayVersion"="7.58.01"
"HelpTelephone"="..."
"InstallDate"="20041222"
"InstallLocation"="c:\\Program Files\\Broadcom\\BACS\\"
"InstallSource"=""
"ProductID"=""
"Publisher"="Broadcom"
"Readme"="c:\\Program Files\\Broadcom\\BACS\\Readme.txt "
"URLInfoAbout"="www.broadcom.com"
"URLUpdateInfo"="http://www.support.dell.com"
"HelpLink"=expand:"http://www.support.dell.com"
"EstimatedSize"=dword:00000000
"Language"=dword:00000000
"Version"=dword:073a0001
"VersionMajor"=dword:00000007
"VersionMinor"=dword:0000003a
"DisplayIcon"=""
"RegOwner"=" "
"RegCompany"=" "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707]
@DACL=(02 0000)
"DisplayName"="Windows XP Hotfix - KB834707"
"UninstallString"="c:\\WINDOWS\\$NtUninstallKB834707$\\spuninst\\spuninst.exe"
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=834707"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20040929.110854"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB888310]
@DACL=(02 0000)
"DisplayName"="Windows XP Hotfix - KB888310"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=888310"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20041027.095746"
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MC05Upd1]
@DACL=(02 0000)
"DisplayName"="Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001
"Installed"=dword:00000001
"ParentDisplayName"="Windows XP Media Center Edition 2005"
"ParentKeyName"="Windows XP Media Center Edition 2005"
"DisplayIcon"="c:\\WINDOWS\\ehome\\ehshell.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistantDE]
@DACL=(02 0000)
"DisplayName"="My Way Search Assistant"
"HelpLink"="http://help.myway.com/"
"Publisher"="My Way"
"UninstallString"="rundll32 c:\\PROGRA~1\\MyWaySA\\SrchAsDe\\1.bin\\desrcas.dll,O "
"UrlInfoAbout"="http://info.myway.com/index/id/terms.html"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SFBM]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{7201B853-5833-11D6-A285-00A0CC51B2FE}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{7201B853-5833-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
@DACL=(02 0000)
@SACL=
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\swflash.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2 ZS]
@DACL=(02 0000)
"PRODUCT_GUID"="{9E2514D9-DC24-4634-B348-61F3EF0F1628}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2 ZS Windows Drivers]
@DACL=(02 0000)
"UninstallString"="\"c:\\Program Files\\Creative\\SBAudigy2ZS\\Program\\Ctzapxx.EXE\" /W /U /S "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SPKR_CALIBRATOR]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SURMIXER]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{A1185190-514F-11D6-A285-00A0CC51B2FE}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{A1185190-514F-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\THX_Console]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{B3549608-69D3-11D7-AB2D-0090271A23A2}\\setup.ilg"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{B3549608-69D3-11D7-AB2D-0090271A23A2}\\setup.exe\" -l0x9 /remove"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\\setup.exe\" "
"DisplayName"="ATI Control Panel"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\\setup.ilg"
"DisplayVersion"="6.14.10.5120"
"DisplayIcon"="c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiprbxx.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{169F8893-C1C5-4847-972C-EA1E008112AC}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{169F8893-C1C5-4847-972C-EA1E008112AC}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{169F8893-C1C5-4847-972C-EA1E008112AC}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}]
@DACL=(02 0000)
"ProductName"="Creative MediaSource"
"ProductVersion"="1.0"
"CREATIVE_MEDIASOURCE"="Creative MediaSource"
"Count"="CREATIVE_MEDIASOURCE,CTCMSGO,MEDIA_DETECTOR,MEDIASOURCE_PLAYER_SKINPACK,"
"CTCMSGO"="Creative MediaSource Go!"
"MEDIA_DETECTOR"="Creative MediaSource Detector"
"MEDIASOURCE_PLAYER_SKINPACK"="Creative MediaSource Player Skin Pack"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\setup.exe\" -l0x9 /remove"
"DisplayName"="Creative MediaSource"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\setup.ilg"
"DisplayIcon"="c:\\Program Files\\Creative\\MediaSource\\CTCMS.exe"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{67AEFC4C-69E4-11D7-85F4-00E018013273}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{67AEFC4C-69E4-11D7-85F4-00E018013273}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{67AEFC4C-69E4-11D7-85F4-00E018013273}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\setup.exe\" -uninstall"
"DisplayName"="PowerDVD 5.3"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\setup.ilg"
"DisplayIcon"="c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe,0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{7201B853-5833-11D6-A285-00A0CC51B2FE}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{7201B853-5833-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{7201B853-5833-11D6-A285-00A0CC51B2FE}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{7A900EAB-DA37-4554-AF19-9C337476D05D}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{7A900EAB-DA37-4554-AF19-9C337476D05D}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{7A900EAB-DA37-4554-AF19-9C337476D05D}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\\setup.exe\" -l0409 -INTELUNINST"
"DisplayName"="Intel Application Accelerator"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\\setup.ilg"
"TargetDir"="c:\\Program Files\\Intel\\Intel Application Accelerator"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9154ED7C-926E-49CC-B677-0CF3C5267457}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9154ED7C-926E-49CC-B677-0CF3C5267457}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9154ED7C-926E-49CC-B677-0CF3C5267457}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9E2514D9-DC24-4634-B348-61F3EF0F1628}]
@DACL=(02 0000)
"ProductName"="Sound Blaster Audigy 2 ZS"
"ProductVersion"="5.0"
"DiskID"="SBA2-DLS3D-W1-LB"
"DiskIDLoc"="c:\\DELL\\N7433\\"
"MINIDISC"="Creative MiniDisc Center"
"DIAGNOSTICS_AUDIGY2"="Diagnostics_Audigy2"
"WAVESTUDIO"="Creative WaveStudio"
"SFBANK_MGR"="SFBM"
"SPKR_CALIBRATOR"="SPKR_CALIBRATOR"
"EAX_CONSOLE"="EAX"
"SURROUND_MIXER"="SURMIXER"
"SPEAKER_SETTINGS"="SPEAKER"
"RESTOREDEFAULTS"="Creative Restore Defaults"
"AUDIOHQU"="AudioHQ"
"DVD_AUDIO_PLAYER"="Creative MediaSource DVD-Audio Player"
"THX_CONSOLE"="THX_Console"
"GRAPHIC_EQUALIZER"="EQUALIZER"
"DTSNEO6_SETTINGS"="DTS Console"
"MIDISAMPLE"="MIDI Samples"
"SFBANK"="SoundFont Banks"
"WINDRV"="Sound Blaster Audigy 2 ZS Windows Drivers"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\\setup.exe\" -l0x9 "
"DisplayName"="Sound Blaster Audigy 2 ZS"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\\setup.ilg"
"DisplayIcon"="c:\\Program Files\\Creative\\SBAudigy2ZS\\Audigy.ICO"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{A1185190-514F-11D6-A285-00A0CC51B2FE}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{A1185190-514F-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{A1185190-514F-11D6-A285-00A0CC51B2FE}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{AC157741-3285-4D6A-B934-9174587A3493}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{AC157741-3285-4D6A-B934-9174587A3493}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{AC157741-3285-4D6A-B934-9174587A3493}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{B3549608-69D3-11D7-AB2D-0090271A23A2}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{B3549608-69D3-11D7-AB2D-0090271A23A2}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{B3549608-69D3-11D7-AB2D-0090271A23A2}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\\setup.exe\" -l0x9 remove"
"DisplayName"="Musicmatch for Windows Media Player"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\\setup.ilg"
"ProductGuid"="{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"
"InstallLocation"="c:\\Program Files\\Musicmatch\\MUSICMATCH Music Services"
"DisplayVersion"="0.00.000"
"Version"=dword:00000000
"MajorVersion"=dword:00000000
"MinorVersion"=dword:00000000
"LogMode"=dword:00000001
"DisplayIcon"="c:\\Program Files\\Musicmatch\\MUSICMATCH Music Services\\MMsmall.ico"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{FD851F7E-F887-405D-9E1C-488811113EF3}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{FD851F7E-F887-405D-9E1C-488811113EF3}\\setup.exe\" -l0x9 "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{FD851F7E-F887-405D-9E1C-488811113EF3}\\setup.ilg"
.
Completion time: 2009-11-03 18:32
ComboFix-quarantined-files.txt 2009-11-03 23:31

Pre-Run: 199,183,474,688 bytes free
Post-Run: 199,239,122,944 bytes free
 


·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello em423456,

Who advised you to run ComboFix? Are you being helped at another forum?
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
I am not being helped at another forum. I ran AVG, Spybot, Malwarebytes, Trend Micro HouseCall (and tried to run the BitDefender online scan but couldn't get the ActiveX control to download) because I was getting browser redirects, and none of those programs came up with anything and the problem still existed. So I did some research about redirects and various sites recommended running ComboFix in an effort to diagnose the problem. However, it was also recommended to have the log reviewed after running it and this site was one of the recommended sites to submit it to.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
I hope one of those sites wasn't one that told you to purchase StopZilla. If you did, get your money back.

For future reference, I can understand doing research and trying to fix things yourself, but when you see tools being recommended, once you download the tool, take the time to read its Disclaimer. This tool specifically states that it should only be run in a supervised environment, and there are good reasons for that. In particular, see Post #2 of our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help :)

To continue, something messed up the permissions to the uninstall keys of most all of your programs, and you're missing a critical file. Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:


MIA::
c:\windows\system32\eventlog.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\12133444-BF36-4d4e-B7FB-A3424C645DE4]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\AudioHQ]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\B3EE3001-DC24-4cd1-8743-5692C716659F]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource DVD-Audio Player]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Go!]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics_Audigy2]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\DTS Console]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\EAX]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\EQUALIZER]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ESPNMotion]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB888310]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MC05Upd1]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistantDE]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SFBM]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2 ZS]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2 ZS Windows Drivers]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SPKR_CALIBRATOR]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SURMIXER]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\THX_Console]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{169F8893-C1C5-4847-972C-EA1E008112AC}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{67AEFC4C-69E4-11D7-85F4-00E018013273}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{7201B853-5833-11D6-A285-00A0CC51B2FE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{7A900EAB-DA37-4554-AF19-9C337476D05D}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9154ED7C-926E-49CC-B677-0CF3C5267457}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9E2514D9-DC24-4634-B348-61F3EF0F1628}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{A1185190-514F-11D6-A285-00A0CC51B2FE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{AC157741-3285-4D6A-B934-9174587A3493}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{B3549608-69D3-11D7-AB2D-0090271A23A2}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{FD851F7E-F887-405D-9E1C-488811113EF3}]

Comment::
End copy here

Reboot::


Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Be especially sure to turn off TeaTimer or you'll be hit with about 60 alerts with all the registry changes we are about to make.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please copy/paste the contents of the C:\ComboFix.txt directly into the reply box.

How is the system behaving? What symptoms remain?
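A read-only cross-check for the step above, added here as an illustration and not part of the helper's post or of ComboFix: it pulls every registry key that the log marks with an `@DACL=` line and compares that set with the `RegLock::` section of a CFScript. The function names and both sample texts are constructed for this example, and reading `@DACL=` as the log's marker for a key with altered permissions is an assumption drawn from the helper's diagnosis.

```python
import re

# Constructed excerpt in the shape of the ComboFix log lines quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}]
@DACL=(02 0000)
"DisplayName"="Intel Application Accelerator"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{FD851F7E-F887-405D-9E1C-488811113EF3}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"""

# Constructed CFScript that deliberately omits the second flagged key.
SAMPLE_SCRIPT = r"""
MIA::
c:\windows\system32\eventlog.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}]

Comment::
End copy here

Reboot::
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$")       # "[HKEY_...\Some Key]"
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")  # "RegLock::", "MIA::", ...


def locked_keys(log_text):
    """Return, in log order, each key whose block contains an @DACL= line."""
    keys, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group(1)
        elif line.startswith("@DACL=") and current and current not in keys:
            keys.append(current)
    return keys


def parse_cfscript(script_text):
    """Split a CFScript into {directive: [non-empty lines under it]}."""
    sections, name = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        directive = DIRECTIVE_RE.match(line)
        if directive:
            name = directive.group(1)
            sections.setdefault(name, [])
        elif line and name is not None:
            sections[name].append(line)
    return sections


def _norm(key):
    # Registry key paths are case-insensitive; drop the surrounding brackets.
    return key.strip().strip("[]").lower()


def reglock_coverage(log_text, script_text):
    """Compare keys flagged in the log with those listed under RegLock::.

    Returns (missing, extra): flagged keys the script does not list, and
    listed keys the log never flagged.
    """
    flagged = {_norm(k): k for k in locked_keys(log_text)}
    listed = {_norm(k): k.strip("[]")
              for k in parse_cfscript(script_text).get("RegLock", [])}
    missing = [flagged[k] for k in flagged if k not in listed]
    extra = [listed[k] for k in listed if k not in flagged]
    return missing, extra


if __name__ == "__main__":
    missing, extra = reglock_coverage(SAMPLE_LOG, SAMPLE_SCRIPT)
    for key in missing:
        print("flagged in log, not in RegLock:: ->", key)
    for key in extra:
        print("in RegLock::, not flagged in log ->", key)
```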
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #5 ·
I believe I followed your instructions properly. Thank you for your assistance. Other than the computer switching my default browser from firefox to internet explorer things seem better, no redirects so far. Here is the log combofix generated:

ComboFix 09-11-06.03 - Edward Michaels 11/07/2009 13:05.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.552 [GMT -5:00]
Running from: c:\documents and settings\Edward Michaels\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Edward Michaels\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eventlog.dll was missing
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 18:11 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-07 18:11 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-06 13:48 . 2009-10-21 13:39 2064152 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-11-04 20:22 . 2009-11-04 20:24 -------- d-----w- c:\program files\Softwin
2009-11-04 19:54 . 2009-11-04 19:56 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-11-04 19:54 . 2009-11-04 19:54 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\TweakNow RegCleaner
2009-11-03 19:03 . 2009-11-03 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 19:00 . 2009-11-03 19:00 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 19:00 . 2009-11-03 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-30 23:49 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-30 16:21 . 2009-10-30 16:21 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\Malwarebytes
2009-10-30 16:21 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 16:21 . 2009-10-30 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 16:21 . 2009-10-30 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 16:21 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 17:37 . 2009-10-29 17:37 -------- d-----w- c:\documents and settings\Edward Michaels\dwhelper
2009-10-21 14:15 . 2009-10-21 14:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 14:06 . 2009-10-21 14:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-17 16:01 . 2009-10-17 16:00 2025752 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgtray.exe
2009-10-16 03:03 . 2009-10-16 03:04 -------- d-----w- c:\program files\CyberScrub Privacy Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 18:20 . 2008-11-30 18:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-07 18:12 . 2004-12-23 03:00 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-11-07 18:12 . 2004-12-23 03:00 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-11-04 19:54 . 2006-03-06 22:16 31184 ----a-w- c:\documents and settings\Edward Michaels\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 19:52 . 2006-08-13 02:14 -------- d-----w- c:\program files\TweakNow RegCleaner Std
2009-11-04 17:58 . 2007-03-11 02:35 -------- d-----w- c:\program files\MSECache
2009-11-03 19:06 . 2009-11-03 19:05 560 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-11-03 19:05 . 2009-11-03 19:05 656 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:39 . 2005-06-23 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-21 22:04 . 2008-12-01 02:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 21:51 . 2009-09-06 23:39 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\DVD Flick
2009-10-16 03:04 . 2005-06-06 23:01 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\CyberScrub
2009-09-24 22:43 . 2009-09-24 21:38 -------- d-----w- c:\documents and settings\Edward Michaels\Application Data\Move Networks
2009-09-24 21:38 . 2009-09-24 21:38 127872 ----a-w- c:\documents and settings\Edward Michaels\Application Data\Move Networks\uninstall.exe
2009-09-24 21:38 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Edward Michaels\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 21:18 . 2009-09-06 21:18 152576 ----a-w- c:\documents and settings\Edward Michaels\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 23:52 . 2009-01-30 00:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-22 23:52 . 2008-11-30 07:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 23:52 . 2008-11-30 07:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-01 15:50 . 2008-02-01 15:47 24 --sh--w- c:\windows\SC60F1302.tmp
2009-01-10 01:29 . 2008-11-30 22:59 172924960 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"Privacy Suite RiskMonitor"="c:\program files\CyberScrub Privacy Suite\Launch.exe" [2008-07-29 45192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-05 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"combofix"="c:\combofix\CF3240.exe" [2009-11-07 389120]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2005-6-22 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 23:52 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [11/30/2008 2:54 AM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/29/2009 7:02 PM 297752]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 Sus2pl;Susteen Universal Cable II;c:\windows\SYSTEM32\DRIVERS\sus2pl.sys [8/18/2006 11:20 PM 43392]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: bitdefender.com
FF - ProfilePath - c:\documents and settings\Edward Michaels\Application Data\Mozilla\Firefox\Profiles\cacqilln.Default User\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Edward Michaels\Application Data\Move Networks\plugins\npqmp071503000010.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 13:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\WININET.dll
c:\program files\EPSON\Ink Monitor\inkpeek.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2009-11-07 13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 18:25
ComboFix2.txt 2009-11-03 23:32

Pre-Run: 194,217,046,016 bytes free
Post-Run: 194,648,555,520 bytes free

- - End Of File - - D253F0E7C2C694F4B547EDC392BE5FCC
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
You're welcome, em423456.

Glad to hear the system is behaving as expected now. Still, given the severity of the infections this system sustained, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #7 ·
Ran kaspersky and this is the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 9, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 08, 2009 15:36:11
Records in database: 3177034
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 68931
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:04:57

No threats found. Scanned area is clean.

Selected area has been scanned.


However I am now having trouble connecting to techsupportforum.com using internet explorer. Not other sites just yours. I was able to send this using firefox. Any ideas?
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
You're welcome, em423456. :)

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.




- Most importantly, Think Prevention

-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #10 ·
I will follow your final instructions and research how to be proactive in virus/malware and spyware prevention in an attempt to avoid this situation in the future. Thank you once again.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #11 ·
Since my last post I have developed a new problem. Having difficulty updating my Microsoft Office XP. Do you think it is related to my previous problem? Also tried to update Acrobat Reader and keep getting error 1606 message.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
What happens when you try to update Microsoft Office?
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #13 ·
Well, I must have done something incorrectly the first time I tried to update Office XP because now Microsoft says it is up to date and no further updates are available at this time. I am still unable to install Acrobat Reader.

As far as system performance overall I have not experienced further problems.
 