
Trojan.vundo.b Removal


  • This topic is locked
31 replies to this topic

#1 jiminphilly

jiminphilly

  • Members
  • 28 posts
  • OFFLINE
  • Local time:04:40 AM

Posted 14 May 2008 - 10:35 PM

Hi, my name is Jim, and via a Google search for Vundo I came across this site. My antivirus (Symantec) is giving me constant notifications of an infection with Vundo.B. I have been working with a friend on attempting to remove this, but from what I have read, this is a very tricky spyware/trojan to remove. We've created a .bat file to clean the random files that keep getting created, but we can't seem to get rid of the source file.

My antivirus is indicating that the file in question,

C:\WINDOWS\system32\ssttr.dll, is associated with the Vundo virus. It will not clean, quarantine or access it.

I've tried the Vundo fix program and the Symantec fix program; both indicate my computer is clean. I obviously know to the contrary.

Any assistance would be appreciated.

My HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:37 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\spmcchqm.dll",b
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159401686875
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159401680171
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATI Multimedia\RemCtrl\x10nets.exe (file missing)

--
End of file - 13165 bytes
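The log above shows the Vundo pattern a helper looks for: rundll32 loading short random-named DLLs from system32 under fixed Run value names ([08864977], [BM0bb57aeb]), nameless BHOs backed by the same kind of DLL, and the DLL name changing each time an entry is fixed. The script below is an added example, not from this thread or from HijackThis/BleepingComputer: it triages HijackThis v2.0.2 log lines for that pattern, and its regexes and name heuristics are this example's own assumptions rather than a vendor signature.

```python
"""Heuristic triage of HijackThis v2.0.2 log lines for the Vundo pattern
seen in this thread: rundll32-hosted, randomly named DLLs in system32,
nameless BHOs backed by such DLLs, and Run value names that come back with
a different DLL after each fix. Added example, not from the thread or from
HijackThis; the regexes and thresholds are this example's own assumptions,
not a vendor signature."""
import re
from collections import defaultdict

# Vundo's DLLs in the log are short, all-lowercase alphabetic names in system32
# (ssttr.dll, spmcchqm.dll). Legitimate DLLs loaded the same way on this
# machine break the pattern (NvCpl.dll, NvMcTray.dll). Heuristic, not a signature.
RANDOM_DLL = re.compile(r'[sS]ystem32\\(?P<dll>[a-z]{5,8})\.dll')
# O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\spmcchqm.dll",b
O4_RUN = re.compile(r'O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*)')
# O2 - BHO: (no name) - {BA16B49B-...} - C:\WINDOWS\system32\ssttr.dll
O2_BHO = re.compile(r'O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)')
# backup-20080514-201806-101 O4 - ...   (lines from the HJT "Fixed Entries" section)
BACKUP = re.compile(r'backup-(?P<date>\d{8})-(?P<time>\d{6})-\d+ (?P<entry>.*)')
CLSID_LIKE = re.compile(r'^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$', re.I)
# rundll32 takes "<dll>,<export>"; the Vundo loaders here use a one-letter export
RUNDLL_EXPORT = re.compile(r'\.dll"?,(?P<export>\w+)$')


def suspicious_run_entry(line):
    """Return (value_name, dll) if an O4 Run line looks like Vundo's loader, else None.
    Signals: rundll32 host, random-looking system32 DLL, single-letter export."""
    m = O4_RUN.match(line.strip())
    if not m or 'rundll32' not in m['cmd'].lower():
        return None
    dll = RANDOM_DLL.search(m['cmd'])
    export = RUNDLL_EXPORT.search(m['cmd'])
    if dll and export and len(export['export']) == 1:
        return m['name'], dll['dll']
    return None


def suspicious_bho(line):
    """Return (clsid, dll) for an O2 BHO with no display name (or a CLSID as its
    name) backed by a random-looking system32 DLL. '(no file)' orphans are skipped:
    they are leftovers, not an active load point."""
    m = O2_BHO.match(line.strip())
    if not m or '(no file)' in m['path']:
        return None
    nameless = m['name'] == '(no name)' or CLSID_LIKE.match(m['name']) is not None
    dll = RANDOM_DLL.search(m['path'])
    if nameless and dll:
        return m['clsid'], dll['dll']
    return None


def regenerating_run_values(lines):
    """Map each suspicious Run value name to the DLLs it has loaded across the live
    log and the Fixed Entries backups. A name that returns with a different DLL
    after every fix is the re-seeding behaviour the thread describes."""
    seen = defaultdict(set)
    for line in lines:
        b = BACKUP.match(line.strip())
        hit = suspicious_run_entry(b['entry'] if b else line)
        if hit:
            seen[hit[0]].add(hit[1])
    return {name: sorted(dlls) for name, dlls in seen.items() if len(dlls) > 1}


def triage(lines):
    """Run all checks over an HJT log (live entries plus Fixed Entries backups)."""
    return {
        'run': [h for h in map(suspicious_run_entry, lines) if h],
        'bho': [h for h in map(suspicious_bho, lines) if h],
        'regenerating': regenerating_run_values(lines),
    }


# Constructed excerpt: lines quoted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA592D0D-398B-4F5C-8D77-E4DEE4C10DBE} - (no file)
O2 - BHO: (no name) - {BA16B49B-9608-4B58-8559-298B9C20114C} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: {4090b74d-cd27-2d38-9dc4-b563d26a600e} - {e006a62d-365b-4cd9-83d2-72dcd47b0904} - C:\WINDOWS\system32\frmvcdcm.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\spmcchqm.dll",b
O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\wrfyypxm.dll",s
backup-20080427-232010-557 O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\xqavjcjt.dll",b
backup-20080427-234122-476 O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\ufrhwmyo.dll",b
backup-20080514-201806-986 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\gammuoqb.dll",s
""".strip().splitlines()

if __name__ == '__main__':
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind, hits)
```

The legitimate rundll32 entries in the same log (ftutil2.dll, NvCpl.dll) fall through all three checks, so the output is only the two loaders, the two nameless BHOs, and the two value names whose DLL keeps changing.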


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:40 AM

Posted 15 May 2008 - 11:00 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the directions there to run DSS and then post those logs back here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:04:40 AM

Posted 15 May 2008 - 01:20 PM

> Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
>
> Please go to this page and scroll down to step 6.
> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
>
> Follow the directions there to run DSS and then post those logs back here in your next reply.



Thank you for the quick reply! I am at work but will post this tonight. I am amazed at the wealth of information on this site. Thanks again.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:40 AM

Posted 16 May 2008 - 01:58 AM

Just post back when you can. I'll be around. :thumbsup:

#5 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:04:40 AM

Posted 18 May 2008 - 11:20 AM

> Just post back when you can. I'll be around. :thumbsup:


Here is the scan, and thanks again.

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-05-18 12:11:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
121: 2008-05-18 16:12:12 UTC - RP729 - Deckard's System Scanner Restore Point
120: 2008-05-09 10:55:53 UTC - RP728 - Software Distribution Service 3.0
119: 2008-05-05 20:37:38 UTC - RP727 - Software Distribution Service 3.0
118: 2008-04-30 01:06:10 UTC - RP726 - Software Distribution Service 3.0
117: 2008-04-28 01:00:41 UTC - RP725 - System Checkpoint


-- First Restore Point --
1: 2008-04-20 18:29:16 UTC - RP609 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:45 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {30779976-CCE1-4791-BD61-2D3B741867EC} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7CE1C020-21B9-42A1-B7C2-638D9777FC00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA592D0D-398B-4F5C-8D77-E4DEE4C10DBE} - (no file)
O2 - BHO: (no name) - {AAE003BC-82F2-44D4-9E97-3F8774E524B2} - (no file)
O2 - BHO: (no name) - {BA16B49B-9608-4B58-8559-298B9C20114C} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: (no name) - {c1c19391-02e1-43c0-9a81-0fb7fc343408} - (no file)
O2 - BHO: {4090b74d-cd27-2d38-9dc4-b563d26a600e} - {e006a62d-365b-4cd9-83d2-72dcd47b0904} - C:\WINDOWS\system32\frmvcdcm.dll
O2 - BHO: (no name) - {E92C0BA9-5D2E-4C98-ADA2-449F8C4D0FCF} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\spmcchqm.dll",b
O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\wrfyypxm.dll",s
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159401686875
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159401680171
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATI Multimedia\RemCtrl\x10nets.exe (file missing)

--
End of file - 15034 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------

backup-20080427-232010-337 O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"
backup-20080427-232010-557 O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\xqavjcjt.dll",b
backup-20080427-232010-640 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\rubptdhd.dll",s
backup-20080427-232010-732 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20080427-234122-256 O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"
backup-20080427-234122-476 O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\ufrhwmyo.dll",b
backup-20080427-234122-559 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\vfrhcdju.dll",s
backup-20080427-235535-557 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\vfrhcdju.dll",s
backup-20080427-235536-388 O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"
backup-20080514-201806-101 O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\brebmarf.dll",b
backup-20080514-201806-986 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\gammuoqb.dll",s
backup-20080514-221420-367 O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\gammuoqb.dll",s
backup-20080514-222530-275 O2 - BHO: {286645cd-487c-3699-6ad4-4234305321ab} - {ba123503-4324-4da6-9963-c784dc546682} - C:\WINDOWS\system32\ilarqfnp.dll
backup-20080514-222530-346 O2 - BHO: (no name) - {c1c19391-02e1-43c0-9a81-0fb7fc343408} - (no file)
backup-20080514-222530-403 O2 - BHO: (no name) - {30779976-CCE1-4791-BD61-2D3B741867EC} - (no file)
backup-20080514-222530-500 O2 - BHO: (no name) - {F1480995-CDF0-4949-8465-E0AB144061FB} - C:\WINDOWS\system32\ssttr.dll
backup-20080514-222530-569 O2 - BHO: (no name) - {7CE1C020-21B9-42A1-B7C2-638D9777FC00} - (no file)
backup-20080514-222530-763 O2 - BHO: (no name) - {E92C0BA9-5D2E-4C98-ADA2-449F8C4D0FCF} - (no file)
backup-20080514-222530-779 O2 - BHO: (no name) - {AAE003BC-82F2-44D4-9E97-3F8774E524B2} - (no file)
backup-20080514-222530-789 O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
backup-20080514-222530-964 O2 - BHO: (no name) - {AA592D0D-398B-4F5C-8D77-E4DEE4C10DBE} - (no file)
backup-20080514-230354-136 O4 - HKCU\..\RunOnce: [SpybotDeletingB5316] command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - unable to read value
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager (32-bit)>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>

S0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys (file missing)
S3 DrmRDriverV32 - c:\windows\system32\drivers\drmrdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 DrmRVideo32 - c:\windows\system32\drivers\drmrvideo32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 MovRVDrv32 - c:\windows\system32\drivers\movrvdrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ELService (Intel® Quick Resume technology) - c:\program files\intel\inteldh\intel® quick resume technology drivers\elservice.exe <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S3 x10nets (X10 Device Network Service) - c:\progra~1\ati multimedia\remctrl\x10nets.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A3B&REV_1000\4&141C4A87&0&0201
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A3B&REV_1000\4&141C4A87&0&0201
Service: IntcAzAudAddService

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ROOT\NTCDRDRV\0000
Manufacturer: Unknown Manufacturer
Name: SCSI/RAID Host Controller
PNP Device ID: ROOT\NTCDRDRV\0000
Service: ntcdrdrv


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 12:11:38 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-10 13:36:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-19 02:42:06 360 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 12:06:43 101952 --a------ C:\WINDOWS\system32\frmvcdcm.dll
2008-05-18 12:06:41 92736 --a------ C:\WINDOWS\system32\xqwqabna.dll
2008-05-18 12:03:41 2112 --a------ C:\WINDOWS\system32\ynemjncg.exe
2008-05-18 11:53:18 3648 --a------ C:\WINDOWS\system32\xrgruxvv.dll
2008-05-18 11:53:11 98880 --a------ C:\WINDOWS\system32\wrfyypxm.dll
2008-05-16 06:51:26 90688 --a------ C:\WINDOWS\system32\gjjpgqnv.dll
2008-05-16 06:45:30 2112 --a------ C:\WINDOWS\system32\baeeulgo.exe
2008-05-16 06:45:26 102464 --a------ C:\WINDOWS\system32\bvivfgop.dll
2008-05-16 06:43:28 96832 --a------ C:\WINDOWS\system32\oaifcbqt.dll
2008-05-16 06:43:27 0 --a------ C:\WINDOWS\system32\iwatxvef.dll
2008-05-14 18:08:54 92224 --a------ C:\WINDOWS\system32\brebmarf.dll
2008-05-14 18:05:54 2112 --a------ C:\WINDOWS\system32\cwaedovi.exe
2008-05-14 17:59:54 96832 --a------ C:\WINDOWS\system32\gammuoqb.dll
2008-05-14 17:57:48 0 --a------ C:\WINDOWS\system32\igswlnic.dll
2008-05-11 19:12:35 101952 --a------ C:\WINDOWS\system32\switnkqf.dll
2008-05-11 19:12:31 91712 --a------ C:\WINDOWS\system32\apurilye.dll
2008-05-11 19:12:26 2112 --a------ C:\WINDOWS\system32\pegixhbw.exe
2008-05-10 08:40:04 2112 --a------ C:\WINDOWS\system32\ysyfaemy.exe
2008-05-10 08:38:15 102464 --a------ C:\WINDOWS\system32\nwvbucnb.dll
2008-05-10 08:38:07 100416 --a------ C:\WINDOWS\system32\lrijcoff.dll
2008-05-09 23:40:55 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-29 18:57:08 0 d-------- C:\VundoFix Backups
2008-04-29 07:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 07:53:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 06:57:45 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-04-28 21:31:27 0 --a------ C:\WINDOWS\system32\rkykntbm.dll
2008-04-28 21:31:24 0 --a------ C:\WINDOWS\system32\wpcogdos.dll
2008-04-27 21:14:57 0 --a------ C:\WINDOWS\system32\jnsehwyx.dll
2008-04-26 17:28:46 0 --a------ C:\WINDOWS\system32\migtmrou.dll
2008-04-26 17:25:46 0 --a------ C:\WINDOWS\system32\xyyuimvt.dll
2008-04-26 12:27:10 0 d-------- C:\Program Files\Trend Micro
2008-04-25 17:35:52 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-23 01:06:38 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-23 01:05:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 00:28:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 00:28:53 408908 --ahs---- C:\WINDOWS\system32\qtutv.ini2
2008-04-23 00:23:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 00:20:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-23 00:20:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-23 00:17:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-23 00:17:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-22 07:10:15 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2008-04-20 14:29:05 1350947 --ahs---- C:\WINDOWS\system32\rttss.ini2
2008-04-20 14:29:03 274432 --a------ C:\WINDOWS\system32\ssttr.dll
2008-04-20 14:26:47 0 --a------ C:\WINDOWS\system32\ljjjkih.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-10 08:48:20 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 22:48:59 136 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-04-25 17:35:53 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-25 17:35:46 0 d-------- C:\Program Files\Yahoo!
2008-04-23 01:06:47 0 d-------- C:\Program Files\Lavasoft
2008-04-23 01:06:44 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-04-23 01:06:38 0 d-------- C:\Program Files\Common Files
2008-04-23 01:05:30 0 d-------- C:\Program Files\Common Files\Real
2008-04-22 23:29:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 21:21:13 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-04-08 07:23:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\RipIt4Me
2008-04-06 18:56:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2008-04-06 18:56:12 0 d-------- C:\Program Files\Common Files\LogiShared
2008-04-06 18:55:52 0 d-------- C:\Program Files\Logitech
2008-04-06 18:53:24 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-26 21:26:35 0 d-------- C:\Program Files\America's Army
2008-03-26 03:01:31 0 d-------- C:\Program Files\Windows Live
2008-03-24 19:20:16 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-24 19:19:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-24 00:52:05 0 d-------- C:\Program Files\Cucusoft
2008-03-21 00:29:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2008-03-20 22:19:57 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-03-20 22:09:58 0 d-------- C:\Program Files\Lexmark Toolbar
2008-03-20 21:04:18 0 d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-03-20 21:04:04 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-03-20 21:03:17 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-17 00:36:33 8 --a------ C:\WINDOWS\system32\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30779976-CCE1-4791-BD61-2D3B741867EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CE1C020-21B9-42A1-B7C2-638D9777FC00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA592D0D-398B-4F5C-8D77-E4DEE4C10DBE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAE003BC-82F2-44D4-9E97-3F8774E524B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA16B49B-9608-4B58-8559-298B9C20114C}]
04/20/2008 02:29 PM 274432 --a------ C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1c19391-02e1-43c0-9a81-0fb7fc343408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e006a62d-365b-4cd9-83d2-72dcd47b0904}]
05/18/2008 12:06 PM 101952 --a------ C:\WINDOWS\system32\frmvcdcm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E92C0BA9-5D2E-4C98-ADA2-449F8C4D0FCF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 05:01 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 10:05 AM C:\WINDOWS\system32\ftutil2.dll]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 09:13 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 09:17 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [02/21/2006 12:59 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 06:14 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [05/21/2003 01:21 AM]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [05/23/2005 01:20 PM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [07/28/2006 10:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"Motive SmartBridge"="C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe" [06/23/2006 12:33 PM]
"P17Helper"="SPIRun.dll" [07/03/2006 01:43 PM C:\WINDOWS\system32\SPIRun.dll]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [05/11/2007 03:20 PM]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [07/27/2004 07:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/23/2008 01:03 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [05/07/2007 02:07 PM]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [03/05/2007 08:40 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05/07/2007 02:10 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"08864977"="C:\WINDOWS\system32\spmcchqm.dll" []
"BM0bb57aeb"="C:\WINDOWS\system32\wrfyypxm.dll" [05/18/2008 11:53 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 08:25 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB5316"=command /c del "C:\WINDOWS\system32\cvdxsvwj.dll_old"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [4/6/2004 3:49:02 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [4/6/2008 6:56:04 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/6/2008 6:53:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
"C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
C:\Program Files\Kuma Games\hcsystray\Kuma_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaManager]
C:\Program Files\Verizon\Media Manager\MediaManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"McrdSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-18 12:14:25 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:40 AM

Posted 19 May 2008 - 06:27 AM

You are badly infected, so this will take a few steps. But we'll get you fixed up. :thumbsup:


You must disable Spybot's TeaTimer function before proceeding with this fix. Otherwise it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


=====================


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {30779976-CCE1-4791-BD61-2D3B741867EC} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {7CE1C020-21B9-42A1-B7C2-638D9777FC00} - (no file)
O2 - BHO: (no name) - {AA592D0D-398B-4F5C-8D77-E4DEE4C10DBE} - (no file)
O2 - BHO: (no name) - {AAE003BC-82F2-44D4-9E97-3F8774E524B2} - (no file)
O2 - BHO: (no name) - {BA16B49B-9608-4B58-8559-298B9C20114C} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: (no name) - {c1c19391-02e1-43c0-9a81-0fb7fc343408} - (no file)
O2 - BHO: {4090b74d-cd27-2d38-9dc4-b563d26a600e} - {e006a62d-365b-4cd9-83d2-72dcd47b0904} - C:\WINDOWS\system32\frmvcdcm.dll
O2 - BHO: (no name) - {E92C0BA9-5D2E-4C98-ADA2-449F8C4D0FCF} - (no file)
O4 - HKLM\..\Run: [08864977] rundll32.exe "C:\WINDOWS\system32\spmcchqm.dll",b
O4 - HKLM\..\Run: [BM0bb57aeb] Rundll32.exe "C:\WINDOWS\system32\wrfyypxm.dll",s
O15 - Trusted Zone: http://*.trymedia.com (HKLM)



Reboot your computer.


======================


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:04:40 AM

Posted 19 May 2008 - 10:57 PM

ComboFix 08-05-19.4 - HP_Administrator 2008-05-19 23:40:06.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2626 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anbaqwqx.ini
C:\WINDOWS\system32\apurilye.dll
C:\WINDOWS\system32\baeeulgo.exe
C:\WINDOWS\system32\brebmarf.dll
C:\WINDOWS\system32\bvivfgop.dll
C:\WINDOWS\system32\cupcupnc.ini
C:\WINDOWS\system32\cwaedovi.exe
C:\WINDOWS\system32\doxuordi.ini
C:\WINDOWS\system32\eylirupa.ini
C:\WINDOWS\system32\fhawyxol.dll
C:\WINDOWS\system32\framberb.ini
C:\WINDOWS\system32\frmvcdcm.dll
C:\WINDOWS\system32\fsfhfsyv.ini
C:\WINDOWS\system32\gammuoqb.dll
C:\WINDOWS\system32\gjjpgqnv.dll
C:\WINDOWS\system32\idrouxod.dll
C:\WINDOWS\system32\ilarqfnp.dll
C:\WINDOWS\system32\lrijcoff.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mqhccmps.ini
C:\WINDOWS\system32\nwvbucnb.dll
C:\WINDOWS\system32\oaifcbqt.dll
C:\WINDOWS\system32\oymwhrfu.ini
C:\WINDOWS\system32\pcnepncr.ini
C:\WINDOWS\system32\pegixhbw.exe
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\rggybobp.ini
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\sodgocpw.ini
C:\WINDOWS\system32\spuctxcr.dll
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\switnkqf.dll
C:\WINDOWS\system32\tjcjvaqx.ini
C:\WINDOWS\system32\unstggtg.ini
C:\WINDOWS\system32\vnqgpjjg.ini
C:\WINDOWS\system32\wilecsda.ini
C:\WINDOWS\system32\wrfyypxm.dll
C:\WINDOWS\system32\xqwqabna.dll
C:\WINDOWS\system32\xrgruxvv.dll
C:\WINDOWS\system32\ynemjncg.exe
C:\WINDOWS\system32\ysyfaemy.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-19 19:27 . 2008-05-19 19:27 2,624 --a------ C:\WINDOWS\system32\kmslnrha.exe
2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Deckard
2008-05-16 06:43 . 2008-05-17 17:26 0 --a------ C:\WINDOWS\system32\iwatxvef.dll
2008-05-14 17:57 . 2008-05-17 17:26 0 --a------ C:\WINDOWS\system32\igswlnic.dll
2008-05-10 22:30 . 2008-04-07 21:20 4,681,603,072 --a------ C:\BEE_MOVIE.ISO
2008-05-10 22:30 . 2008-03-29 13:39 4,681,527,296 --a------ C:\NOC0NNW1.ISO
2008-05-10 14:14 . 2008-05-10 14:30 4,681,852,928 --a------ C:\CHARLIE_WILSONS_WAR.ISO
2008-05-10 10:44 . 2008-05-10 11:00 4,681,469,952 --a------ C:\LIONS_FOR_LAMBS_WS.ISO
2008-05-10 09:03 . 2008-05-10 09:18 4,681,439,232 --a------ C:\THERE_WILL_BE_BLOOD_DOM_D1.ISO
2008-05-09 23:40 . 2008-05-09 23:41 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-29 18:57 . 2008-04-29 22:11 <DIR> d-------- C:\VundoFix Backups
2008-04-29 07:53 . 2008-04-29 07:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 07:53 . 2008-04-29 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 06:57 . 2008-04-29 06:57 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-04-28 21:31 . 2008-05-09 07:16 0 --a------ C:\WINDOWS\system32\wpcogdos.dll
2008-04-28 21:31 . 2008-05-09 07:15 0 --a------ C:\WINDOWS\system32\rkykntbm.dll
2008-04-27 21:14 . 2008-05-09 07:14 0 --a------ C:\WINDOWS\system32\jnsehwyx.dll
2008-04-26 17:28 . 2008-05-09 07:14 0 --a------ C:\WINDOWS\system32\migtmrou.dll
2008-04-26 17:25 . 2008-05-09 07:16 0 --a------ C:\WINDOWS\system32\xyyuimvt.dll
2008-04-26 12:27 . 2008-04-26 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 17:35 . 2008-04-25 17:37 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-23 01:06 . 2008-04-23 01:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-23 01:05 . 2008-04-23 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 00:28 . 2008-04-23 00:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 00:28 . 2008-04-23 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 00:23 . 2008-04-23 00:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 00:17 . 2008-04-23 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-21 07:49 . 2008-05-19 19:30 109,757 --a------ C:\WINDOWS\BM0bb57aeb.xml
2008-04-20 14:26 . 2008-05-09 07:14 0 --a------ C:\WINDOWS\system32\ljjjkih.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 04:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-10 02:48 136 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-04-25 21:35 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 21:35 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-23 05:06 --------- d-----w C:\Program Files\Lavasoft
2008-04-23 05:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-04-23 05:05 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 04:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 03:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 11:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\RipIt4Me
2008-04-06 22:56 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-04-06 22:56 --------- d-----w C:\Program Files\Common Files\LogiShared
2008-04-06 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2008-04-06 22:55 --------- d-----w C:\Program Files\Logitech
2008-04-06 22:53 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-06 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-05 17:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-05 17:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-27 01:26 --------- d-----w C:\Program Files\America's Army
2008-03-26 07:01 --------- d-----w C:\Program Files\Windows Live
2008-03-24 23:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-24 23:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-24 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-24 04:52 --------- d-----w C:\Program Files\Cucusoft
2008-03-21 04:29 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2008-03-21 02:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-03-21 02:09 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-03-21 01:04 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-21 01:04 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-21 01:03 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-21 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-02-26 11:26 472,576 ----a-w C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-01-14 01:55 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-01-11 23:13 2,724,328 ----a-w C:\Program Files\ccsetup203.exe
2008-01-10 01:37 2,501,344 ----a-w C:\Program Files\ReGetDx_327.exe
2008-01-04 06:49 1,621,713 ----a-w C:\Program Files\mp3tagv239setup.exe
2007-12-30 06:37 43,265,912 ----a-w C:\Program Files\5.05.54.00_ntune_winxp_international.exe
2007-12-30 06:30 45,943,224 ----a-w C:\Program Files\169.21_forceware_winxp_32bit_english_whql.exe
2007-12-07 04:34 5,611,896 ----a-w C:\Program Files\camfrog.exe
2007-12-06 18:17 1,265,184 ----a-w C:\Program Files\mediamanager.exe
2007-12-06 00:37 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2007-12-05 23:47 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2007-11-27 00:33 151,104 ----a-w C:\Program Files\cc_20071126_1933.reg
2007-11-22 07:35 2,725,528 ----a-w C:\Program Files\ccsetup202.exe
2007-11-17 00:00 35,344,304 ----a-w C:\Program Files\zunesetuppkg-x86.exe
2007-11-16 00:49 47,908,688 ----a-w C:\Program Files\Build_a_lot-setup.exe
2007-11-15 12:44 9,916,528 ----a-w C:\Program Files\VerizonPCCheckup.exe
2007-11-07 07:31 128,336 ----a-w C:\Program Files\Download_SoundTaxiDownload.exe
2007-11-07 06:22 4,217,146 ----a-w C:\Program Files\Last.fm-1.3.2.13b.exe
2007-11-02 11:15 9,560,576 ----a-w C:\Program Files\DVD-WMV-x86-0019.msi
2007-10-20 05:40 263,680 ----a-w C:\Program Files\fu4wm13fix.exe
2007-10-16 04:31 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
2007-10-16 03:24 2,045,151 ----a-w C:\Program Files\noteburner.exe
2007-10-08 19:24 2,628,296 ----a-w C:\Program Files\ccsetup201.exe
2007-09-15 06:05 2,614,072 ----a-w C:\Program Files\ccsetup200.exe
2007-09-11 05:46 2,105,153 ----a-w C:\Program Files\gamedaysetup.exe
2007-09-07 02:02 71,275,856 ----a-w C:\Program Files\SpeechSDK51.exe
2007-09-07 01:45 2,248,200 ----a-w C:\Program Files\SopCast.zip
2007-09-06 23:17 922,128,169 ----a-w C:\Program Files\AA281to282Patch_BitTorrent.exe
2007-08-28 05:42 21,094,336 ----a-w C:\Program Files\wg111v3_1_0_0_setup.exe
2007-08-18 17:12 15,505,200 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-08-18 01:09 4,710,824 ----a-w C:\Program Files\ForwardObserver_1_2_7_FULL.zip
2007-08-18 01:08 283,650,765 ----a-w C:\Program Files\LG Monitor Drivers_LCD.zip
2007-08-18 01:08 104 ----a-w C:\Program Files\Shortcut to Palm Quick Install.lnk
2007-07-29 22:13 147,544,835 ----a-w C:\Program Files\vegas70e_enu.exe
2007-07-29 21:53 17,372,167 ----a-w C:\Program Files\vegas70b_manual.pdf
2007-07-29 20:52 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
2007-07-24 23:52 3,886,490 ----a-w C:\Program Files\no1vc.exe
2007-07-24 07:36 3,494,136 ----a-w C:\Program Files\setup.exe
2007-07-17 06:41 87,608 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
2007-07-17 06:41 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-07-12 16:04 8,067,072 ----a-w C:\Program Files\Nostromo_v3d.exe
2007-07-12 16:03 7,996,156 ----a-w C:\Program Files\Nostromox64_3.1.exe
2007-07-05 02:56 5,568,552 ----a-w C:\Program Files\ZuneSetup.exe
2007-07-04 07:33 14,621,240 ----a-w C:\Program Files\snagit.exe
2007-07-02 03:51 20,006,472 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-07-01 22:30 835 ----a-w C:\Program Files\Verizon PC Security Checkup.lnk
2007-06-29 04:14 1,509,610 ----a-w C:\Program Files\GG-SO-FE.rar
2007-06-29 04:10 1,688,012 ----a-w C:\Program Files\OnlineTVPlayer.rar
2007-06-25 05:31 19,892,080 ----a-w C:\Program Files\Install_WLMessenger.exe
2007-06-15 18:39 2,719,216 ----a-w C:\Program Files\ccsetup140.exe
2007-06-09 05:11 2,199,040 ----a-w C:\Program Files\AdminPanel.msi
2007-05-05 18:28 6,169,511 ----a-w C:\Program Files\cat_ten.swf.zip
2007-05-04 02:59 6,006,832 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe
2007-04-26 04:34 2,714,784 ----a-w C:\Program Files\ccsetup139.exe
2007-04-26 00:18 761 ----a-w C:\Program Files\Palm Registration.lnk
2007-04-03 04:54 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
2007-03-31 20:46 12,904,270 ----a-w C:\Program Files\tonethisBeta.exe
2007-03-22 21:48 382,642,758 ----a-w C:\Program Files\aa_patch_280to281_generic.exe
2007-03-10 22:49 38,260,926 ----a-w C:\Program Files\PB_Mar_07.rar
2007-03-10 14:32 4,058,282 ----a-w C:\Program Files\mw980enu.exe
2007-03-05 00:46 42,567,136 ----a-w C:\Program Files\93.71_forceware_winxp2k_english_whql.exe
2007-03-02 05:08 415,784 ----a-w C:\Program Files\msgr8us.exe
2007-03-02 01:40 173,733 ----a-w C:\Program Files\RipIt4Me.zip
2007-02-27 01:14 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe
2007-02-24 14:39 2,683,984 ----a-w C:\Program Files\ccsetup137.exe
2007-02-19 22:13 9,628,672 ----a-w C:\Program Files\DVD-WMV-x86-0021.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 17:01 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 09:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 09:17 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 12:59 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 10:56 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"Motive SmartBridge"="C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 12:33 438359]
"P17Helper"="SPIRun.dll" [2006-07-03 13:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20 2061816]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 19:50 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 01:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 14:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 08:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 14:10 312240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 02:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-06 18:56:04 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-06 18:53:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.JPGL"= jpgl.dll
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 05:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-12-14 13:28 2801664 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
C:\Program Files\Kuma Games\hcsystray\Kuma_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 18:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaManager]
--------- 2007-10-19 12:22 1400832 C:\Program Files\Verizon\Media Manager\MediaManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 20:25 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a------ 2003-12-13 13:17 61440 C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-23 01:03 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"McrdSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP Games\\JEOPARDY\\JEOPARDY!.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\DVD-WMV\\DVDWMV.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\verizon\\Media Manager\\MediaManager.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\NovaLogic\\Comanche 4\\Update.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\lxdicfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-05 01:00]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-05 01:00]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-05 01:00]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-05 01:00]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 11:38]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 11:38]
S2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
S3 DCamUSBNW800;CIF USB Camera (2110);C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-08-06 09:47]
S3 DrmRDriverV32;DrmRDriverV32;C:\WINDOWS\system32\drivers\DrmRDriverV32.sys [2007-12-24 14:58]
S3 DrmRVideo32;DrmRVideo32;C:\WINDOWS\system32\DRIVERS\DrmRVideo32.sys [2007-12-24 14:59]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 13:52]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-09 17:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 18:04]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 17:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-20 03:49:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-12-19 06:42:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 23:46:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
.
**************************************************************************
.
Completion time: 2008-05-19 23:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 03:53:07

Pre-Run: 117,703,757,824 bytes free
Post-Run: 117,863,661,568 bytes free

406 --- E O F --- 2008-05-09 10:56:38

#8 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts
  • Local time:04:40 AM

Posted 20 May 2008 - 12:03 AM

Not sure if this is related but I have lost all sound to my computer as a result of this. I attempted to load a PC game and the error message I receive is that it can not load an audio device. The drivers for my sound card appear correct.


Also getting an error when trying to uninstall a program

"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed"

I am not in safe mode.

Edited by jiminphilly, 20 May 2008 - 12:10 AM.


#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:40 AM

Posted 20 May 2008 - 01:17 PM

Check this link for a possible solution to your windows installer error.
http://www.appdeploy.com/faq/detail.asp?id=77

On your audio issue, try removing the device completely, then reboot and Windows will reinstall it. If that doesn't work, let's finish removing your malware issues then we'll come back and troubleshoot it.


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Folder::
C:\VundoFix Backups

File::
C:\WINDOWS\system32\kmslnrha.exe
C:\WINDOWS\system32\iwatxvef.dll
C:\WINDOWS\system32\igswlnic.dll
C:\WINDOWS\system32\wpcogdos.dll
C:\WINDOWS\system32\rkykntbm.dll
C:\WINDOWS\system32\jnsehwyx.dll
C:\WINDOWS\system32\migtmrou.dll
C:\WINDOWS\system32\xyyuimvt.dll
C:\WINDOWS\system32\ljjjkih.dll

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
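One way to confirm that a CFScript run actually removed what it was asked to, as an added example (not code from this thread or from ComboFix itself): it parses the CFScript's Folder:: and File:: sections and the ComboFix log's banner-delimited sections, reports which requested paths appear under Other Deletions, and flags any that show up again under Files Created, which with Vundo is the sign that the infection re-dropped them. The sample script and log embedded below are constructed, modelled on the posts above.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example, not part of the original thread or of ComboFix. The CFScript
format is the one used above: a 'Folder::' section and a 'File::' section,
one path per line. The log sections are delimited by the '((((( title )))))'
banners ComboFix prints. All sample data here is constructed.
"""
import re

CFSCRIPT_RE = re.compile(r"^(Folder|File)::$")
BANNER_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
# A ComboFix log line ends in the Windows path it describes, e.g.
# '2008-05-20 00:47 . 2008-05-20 00:47 409,600 --a------ C:\WINDOWS\...'
WINPATH_RE = re.compile(r"([A-Za-z]:\\\S.*)$")


def parse_cfscript(text):
    """Parse CFScript text into {'Folder': [paths], 'File': [paths]}."""
    sections = {"Folder": [], "File": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CFSCRIPT_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {banner title: [non-empty lines]}."""
    sections = {}
    title = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif title is not None and line and line != ".":
            sections[title].append(line)
    return sections


def _paths_in(lines):
    """Extract the trailing Windows path from each log line, lower-cased."""
    found = set()
    for line in lines:
        m = WINPATH_RE.search(line)
        if m:
            found.add(m.group(1).lower())
    return found


def check_fix(cfscript_text, log_text):
    """Report which CFScript paths the log confirms deleted, which it does
    not, and which reappear as newly created files (re-dropped by malware)."""
    requested = parse_cfscript(cfscript_text)
    deleted, created = set(), set()
    for title, lines in parse_log_sections(log_text).items():
        if title.startswith("Other Deletions"):
            deleted |= _paths_in(lines)
        elif title.startswith("Files Created"):
            created |= _paths_in(lines)
    result = {"removed": [], "not_removed": [], "recreated": []}
    for path in requested["Folder"] + requested["File"]:
        key = path.lower()  # Windows paths are case-insensitive
        (result["removed"] if key in deleted else result["not_removed"]).append(path)
        if key in created:
            result["recreated"].append(path)
    return result


# Constructed sample data, modelled on the CFScript and log in the thread.
SAMPLE_CFSCRIPT = """\
Folder::
C:\\VundoFix Backups

File::
C:\\WINDOWS\\system32\\kmslnrha.exe
C:\\WINDOWS\\system32\\ljjjkih.dll
C:\\WINDOWS\\system32\\xyyuimvt.dll
"""

SAMPLE_LOG = """\
ComboFix 08-05-19.4 - HP_Administrator 2008-05-20 17:58:26.2 - NTFSx86 NETWORK
Command switches used :: C:\\Documents and Settings\\HP_Administrator\\Desktop\\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\VundoFix Backups
C:\\WINDOWS\\system32\\kmslnrha.exe
C:\\WINDOWS\\system32\\ljjjkih.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 00:47 . 2008-05-20 00:47 409,600 --a------ C:\\WINDOWS\\system32\\wrap_oal.dll
2008-05-20 18:02 . 2008-05-20 18:02 0 --a------ C:\\WINDOWS\\system32\\ljjjkih.dll
"""

if __name__ == "__main__":
    for status, paths in check_fix(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status}: {paths}")
```

A path listed under "not_removed" means ComboFix never reported deleting it, and one under "recreated" means it came back after the run; either is reason to post the log rather than assume the machine is clean.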

#10 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts
  • Local time:04:40 AM

Posted 20 May 2008 - 05:54 PM

Combofix log:


ComboFix 08-05-19.4 - HP_Administrator 2008-05-20 17:58:26.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2540 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\igswlnic.dll
C:\WINDOWS\system32\iwatxvef.dll
C:\WINDOWS\system32\jnsehwyx.dll
C:\WINDOWS\system32\kmslnrha.exe
C:\WINDOWS\system32\ljjjkih.dll
C:\WINDOWS\system32\migtmrou.dll
C:\WINDOWS\system32\rkykntbm.dll
C:\WINDOWS\system32\wpcogdos.dll
C:\WINDOWS\system32\xyyuimvt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\igswlnic.dll
C:\WINDOWS\system32\iwatxvef.dll
C:\WINDOWS\system32\jnsehwyx.dll
C:\WINDOWS\system32\kmslnrha.exe
C:\WINDOWS\system32\ljjjkih.dll
C:\WINDOWS\system32\migtmrou.dll
C:\WINDOWS\system32\rkykntbm.dll
C:\WINDOWS\system32\wpcogdos.dll
C:\WINDOWS\system32\xyyuimvt.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 00:47 . 2008-05-20 00:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-20 00:47 . 2006-08-16 20:50 1,598,336 -ra------ C:\WINDOWS\system32\drivers\p17xfilt.sys
2008-05-20 00:47 . 2006-08-14 20:30 1,173,504 -ra------ C:\WINDOWS\system32\drivers\P17xfi.sys
2008-05-20 00:47 . 2008-05-20 00:47 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-20 00:47 . 2006-01-25 02:55 137,728 -ra------ C:\WINDOWS\system32\P17res.dll
2008-05-20 00:47 . 2008-05-20 00:47 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-20 00:47 . 2002-04-10 21:41 65,536 -ra------ C:\WINDOWS\system32\A3d.dll
2008-05-20 00:47 . 2003-10-02 06:48 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll
2008-05-20 00:47 . 2004-12-22 07:58 8,704 -ra------ C:\WINDOWS\system32\drivers\Pfmodnt.sys
2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Deckard
2008-05-10 22:30 . 2008-04-07 21:20 4,681,603,072 --a------ C:\BEE_MOVIE.ISO
2008-05-10 22:30 . 2008-03-29 13:39 4,681,527,296 --a------ C:\NOC0NNW1.ISO
2008-05-10 14:14 . 2008-05-10 14:30 4,681,852,928 --a------ C:\CHARLIE_WILSONS_WAR.ISO
2008-05-10 10:44 . 2008-05-10 11:00 4,681,469,952 --a------ C:\LIONS_FOR_LAMBS_WS.ISO
2008-05-10 09:03 . 2008-05-10 09:18 4,681,439,232 --a------ C:\THERE_WILL_BE_BLOOD_DOM_D1.ISO
2008-05-09 23:40 . 2008-05-09 23:41 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-29 07:53 . 2008-04-29 07:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 07:53 . 2008-04-29 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 06:57 . 2008-04-29 06:57 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-04-26 12:27 . 2008-04-26 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 17:35 . 2008-04-25 17:37 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-23 01:06 . 2008-04-23 01:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-23 01:05 . 2008-04-23 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 00:28 . 2008-04-23 00:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 00:28 . 2008-04-23 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 00:23 . 2008-04-23 00:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 00:17 . 2008-04-23 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-21 07:49 . 2008-05-19 19:30 109,757 --a------ C:\WINDOWS\BM0bb57aeb.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 04:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 04:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-10 02:48 136 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-04-25 21:35 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 21:35 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-23 05:06 --------- d-----w C:\Program Files\Lavasoft
2008-04-23 05:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-04-23 05:05 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 05:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-23 04:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 03:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 11:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\RipIt4Me
2008-04-06 22:56 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-04-06 22:56 --------- d-----w C:\Program Files\Common Files\LogiShared
2008-04-06 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2008-04-06 22:55 --------- d-----w C:\Program Files\Logitech
2008-04-06 22:53 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-06 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-05 17:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-05 17:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-27 01:26 --------- d-----w C:\Program Files\America's Army
2008-03-26 07:01 --------- d-----w C:\Program Files\Windows Live
2008-03-24 23:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-24 23:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-24 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-24 04:52 --------- d-----w C:\Program Files\Cucusoft
2008-03-21 04:29 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2008-03-21 02:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
2008-03-21 02:09 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-03-21 01:04 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-21 01:04 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-21 01:03 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-21 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 11:26 472,576 ----a-w C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-01-14 01:55 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-01-11 23:13 2,724,328 ----a-w C:\Program Files\ccsetup203.exe
2008-01-10 01:37 2,501,344 ----a-w C:\Program Files\ReGetDx_327.exe
2008-01-04 06:49 1,621,713 ----a-w C:\Program Files\mp3tagv239setup.exe
2007-12-30 06:37 43,265,912 ----a-w C:\Program Files\5.05.54.00_ntune_winxp_international.exe
2007-12-30 06:30 45,943,224 ----a-w C:\Program Files\169.21_forceware_winxp_32bit_english_whql.exe
2007-12-07 04:34 5,611,896 ----a-w C:\Program Files\camfrog.exe
2007-12-06 18:17 1,265,184 ----a-w C:\Program Files\mediamanager.exe
2007-12-06 00:37 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2007-12-05 23:47 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2007-11-27 00:33 151,104 ----a-w C:\Program Files\cc_20071126_1933.reg
2007-11-22 07:35 2,725,528 ----a-w C:\Program Files\ccsetup202.exe
2007-11-17 00:00 35,344,304 ----a-w C:\Program Files\zunesetuppkg-x86.exe
2007-11-16 00:49 47,908,688 ----a-w C:\Program Files\Build_a_lot-setup.exe
2007-11-15 12:44 9,916,528 ----a-w C:\Program Files\VerizonPCCheckup.exe
2007-11-07 07:31 128,336 ----a-w C:\Program Files\Download_SoundTaxiDownload.exe
2007-11-07 06:22 4,217,146 ----a-w C:\Program Files\Last.fm-1.3.2.13b.exe
2007-11-02 11:15 9,560,576 ----a-w C:\Program Files\DVD-WMV-x86-0019.msi
2007-10-20 05:40 263,680 ----a-w C:\Program Files\fu4wm13fix.exe
2007-10-16 04:31 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
2007-10-16 03:24 2,045,151 ----a-w C:\Program Files\noteburner.exe
2007-10-08 19:24 2,628,296 ----a-w C:\Program Files\ccsetup201.exe
2007-09-15 06:05 2,614,072 ----a-w C:\Program Files\ccsetup200.exe
2007-09-11 05:46 2,105,153 ----a-w C:\Program Files\gamedaysetup.exe
2007-09-07 02:02 71,275,856 ----a-w C:\Program Files\SpeechSDK51.exe
2007-09-07 01:45 2,248,200 ----a-w C:\Program Files\SopCast.zip
2007-09-06 23:17 922,128,169 ----a-w C:\Program Files\AA281to282Patch_BitTorrent.exe
2007-08-28 05:42 21,094,336 ----a-w C:\Program Files\wg111v3_1_0_0_setup.exe
2007-08-18 17:12 15,505,200 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-08-18 01:09 4,710,824 ----a-w C:\Program Files\ForwardObserver_1_2_7_FULL.zip
2007-08-18 01:08 283,650,765 ----a-w C:\Program Files\LG Monitor Drivers_LCD.zip
2007-08-18 01:08 104 ----a-w C:\Program Files\Shortcut to Palm Quick Install.lnk
2007-07-29 22:13 147,544,835 ----a-w C:\Program Files\vegas70e_enu.exe
2007-07-29 21:53 17,372,167 ----a-w C:\Program Files\vegas70b_manual.pdf
2007-07-29 20:52 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
2007-07-24 23:52 3,886,490 ----a-w C:\Program Files\no1vc.exe
2007-07-24 07:36 3,494,136 ----a-w C:\Program Files\setup.exe
2007-07-17 06:41 87,608 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
2007-07-17 06:41 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-07-12 16:04 8,067,072 ----a-w C:\Program Files\Nostromo_v3d.exe
2007-07-12 16:03 7,996,156 ----a-w C:\Program Files\Nostromox64_3.1.exe
2007-07-05 02:56 5,568,552 ----a-w C:\Program Files\ZuneSetup.exe
2007-07-04 07:33 14,621,240 ----a-w C:\Program Files\snagit.exe
2007-07-02 03:51 20,006,472 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-07-01 22:30 835 ----a-w C:\Program Files\Verizon PC Security Checkup.lnk
2007-06-29 04:14 1,509,610 ----a-w C:\Program Files\GG-SO-FE.rar
2007-06-29 04:10 1,688,012 ----a-w C:\Program Files\OnlineTVPlayer.rar
2007-06-25 05:31 19,892,080 ----a-w C:\Program Files\Install_WLMessenger.exe
2007-06-15 18:39 2,719,216 ----a-w C:\Program Files\ccsetup140.exe
2007-06-09 05:11 2,199,040 ----a-w C:\Program Files\AdminPanel.msi
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_23.52.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 03:46:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 04:37:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-06-27 23:37:22 133,632 ----a-r C:\WINDOWS\LastGood\system32\CtDvInst.dll
+ 2004-08-04 04:08:00 60,288 ----a-w C:\WINDOWS\LastGood\system32\drivers\drmk.sys
+ 2004-08-04 04:15:22 140,928 ----a-w C:\WINDOWS\LastGood\system32\drivers\ks.sys
+ 2004-03-16 17:58:20 136,960 ----a-w C:\WINDOWS\LastGood\system32\drivers\portcls.sys
+ 2004-08-04 04:08:04 48,640 ----a-w C:\WINDOWS\LastGood\system32\drivers\stream.sys
+ 2004-08-04 04:56:44 4,096 ----a-w C:\WINDOWS\LastGood\system32\ksuser.dll
+ 2006-08-11 19:09:40 137,728 ----a-w C:\WINDOWS\LastGood\system32\OemSpi.dll
+ 2006-07-03 17:43:16 10,752 ----a-w C:\WINDOWS\LastGood\system32\SPIRun.dll
+ 2004-08-04 05:56:58 23,552 ----a-w C:\WINDOWS\LastGood\system32\wdmaud.drv
- 2005-06-27 23:37:22 133,632 ----a-r C:\WINDOWS\system32\CtDvInst.dll
+ 2005-06-27 10:37:22 133,632 ----a-r C:\WINDOWS\system32\CtDvInst.dll
- 2004-08-04 04:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 03:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 04:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 03:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 04:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 03:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2004-08-04 05:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 04:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17"="resdef.exe" [2006-07-03 00:55 53248 C:\WINDOWS\resdef.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 17:01 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 09:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 09:17 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 12:59 143360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 10:56 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"Motive SmartBridge"="C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 12:33 438359]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20 2061816]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 19:50 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 01:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 14:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 08:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 14:10 312240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="SPIRun.dll" [2006-07-03 13:43 10752 C:\WINDOWS\system32\SPIRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 02:01 437160]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-07 02:24:07 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-06 18:56:04 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-06 18:53:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 05:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-12-14 13:28 2801664 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
C:\Program Files\Kuma Games\hcsystray\Kuma_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 18:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaManager]
--------- 2007-10-19 12:22 1400832 C:\Program Files\Verizon\Media Manager\MediaManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 20:25 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
--a------ 2003-12-13 13:17 61440 C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-23 01:03 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"McrdSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP Games\\JEOPARDY\\JEOPARDY!.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\DVD-WMV\\DVDWMV.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\verizon\\Media Manager\\MediaManager.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Team17\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\lxdicfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-05 01:00]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-05 01:00]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-05 01:00]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-05 01:00]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 11:38]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 11:38]
S2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
S3 DCamUSBNW800;CIF USB Camera (2110);C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-08-06 09:47]
S3 DrmRDriverV32;DrmRDriverV32;C:\WINDOWS\system32\drivers\DrmRDriverV32.sys [2007-12-24 14:58]
S3 DrmRVideo32;DrmRVideo32;C:\WINDOWS\system32\DRIVERS\DrmRVideo32.sys [2007-12-24 14:59]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 13:52]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-09 17:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 18:04]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 17:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-20 04:40:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-12-19 06:42:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 18:02:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-05-20 18:03:36
ComboFix-quarantined-files.txt 2008-05-20 22:03:29
ComboFix2.txt 2008-05-20 03:53:10

Pre-Run: 117,864,062,976 bytes free
Post-Run: 117,954,084,864 bytes free

394 --- E O F --- 2008-05-09 10:56:38



I tried to install the superantispyware program and I got a message stating
"The System administrator has set policies to prevent this installation"

I am using my one and only admin account, so I am not sure what is causing this.

Edited by jiminphilly, 20 May 2008 - 05:57 PM.


#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 May 2008 - 09:58 AM

Check here for a resolution.

http://www.superantispyware.com/supportfaq...lay.html?faq=50
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts

Posted 21 May 2008 - 11:08 AM

Check here for a resolution.

http://www.superantispyware.com/supportfaq...lay.html?faq=50



Sam, I know this is a lot more than you anticipated, so I appreciate the help. That link only works for XP Pro and I have XP Home. I googled and found this. Your opinion on whether I should try this?

http://www.dougknox.com/xp/utils/xp_securityconsole.htm

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 May 2008 - 09:06 AM

That site is well respected for the info and tools there. I'd give it a try.
Let me know if it doesn't work and we'll try something else.

#14 jiminphilly

jiminphilly
  • Topic Starter

  • Members
  • 28 posts

Posted 24 May 2008 - 11:02 PM

My latest error, which I cannot seem to overcome despite several attempts:

"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact..."

I've tried the /unregister /regserver command... not sure where to go from here.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 May 2008 - 08:26 AM

Click Start -> Run -> services.msc
Scroll down to Windows Installer and double click on it.
Under service status, click Start.

Let me know if that resolves it for you.
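Two of the symptoms in this thread, the "system administrator has set policies to prevent this installation" message (post #10) and "The Windows Installer Service could not be accessed" (post #14, answered in post #15 by starting the service from services.msc), both come down to the state of the Windows Installer service and its policy keys, which malware sometimes tampers with to keep security tools from being installed. The PowerShell below is an added example written for this page, not a tool from the thread or from its helpers: it reads the DisableMSI policy value straight from the registry (so it does not need the Group Policy editor that the XP Pro-only FAQ relies on), reports the msiserver service's state, start type and binary path, and re-enables and starts the service if it is disabled or stopped. The service name msiserver, the DisableMSI value meanings and the expected msiexec.exe path are standard Windows Installer details and are not taken from the poster's logs; run it from an Administrator prompt.

```powershell
# Added example: diagnose and repair the two Windows Installer failure modes
# discussed in the thread. Assumes the standard Windows Installer names:
# service 'msiserver' and policy value 'DisableMSI'. Run from an elevated
# (Administrator) PowerShell prompt.

function Get-InstallerPolicyState {
    # DisableMSI meanings: 0 or absent = installs allowed, 1 = only per-machine
    # (managed) installs allowed, 2 = Windows Installer disabled for everyone.
    # A value of 1 or 2 is one common cause of "The system administrator has set
    # policies to prevent this installation" for ordinary per-user installers.
    $results = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Installer"
        if (-not (Test-Path $key)) {
            $results += "$hive DisableMSI: key absent (installs allowed)"
            continue
        }
        $item = Get-ItemProperty -Path $key -Name DisableMSI -ErrorAction SilentlyContinue
        if ($item -eq $null) {
            $results += "$hive DisableMSI: not set (installs allowed)"
        } elseif ($item.DisableMSI -eq 0) {
            $results += "$hive DisableMSI: 0 (installs allowed)"
        } else {
            $results += "$hive DisableMSI: $($item.DisableMSI) (installs BLOCKED by policy)"
        }
    }
    $results
}

function Get-InstallerServiceState {
    # Report the service the way services.msc shows it, plus the binary path,
    # so a missing service or a redirected msiexec.exe is visible at a glance.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='msiserver'"
    if ($svc -eq $null) {
        return "msiserver: service not registered (re-register with 'msiexec /unregister' then 'msiexec /regserver')"
    }
    # Default binary is %SystemRoot%\system32\msiexec.exe (WMI reports it expanded).
    $expected = Join-Path $env:SystemRoot 'system32\msiexec.exe'
    $pathOk = $svc.PathName -like "*$expected*"
    "msiserver: State=$($svc.State) StartMode=$($svc.StartMode) Path=$($svc.PathName) PathLooksStandard=$pathOk"
}

function Repair-InstallerService {
    # Mirrors the services.msc steps from post #15: make sure the service is
    # allowed to start (a Disabled start type is what produces "could not be
    # accessed"), then start it.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='msiserver'"
    if ($svc -eq $null) {
        throw "msiserver is not registered; run 'msiexec /unregister' then 'msiexec /regserver' and retry"
    }
    if ($svc.StartMode -eq 'Disabled') {
        # Manual is the default start type for Windows Installer.
        Set-Service -Name msiserver -StartupType Manual
    }
    if ($svc.State -ne 'Running') {
        Start-Service -Name msiserver
    }
    (Get-Service -Name msiserver).Status
}

# Usage: report first, then repair.
Get-InstallerPolicyState
Get-InstallerServiceState
Repair-InstallerService
```

If the policy report shows a non-zero DisableMSI that nobody set deliberately, or the service path does not point at the system32 copy of msiexec.exe, treat that as a sign of tampering worth mentioning to the helper rather than just flipping the value back.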



