Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde, Vundo, New Trojan


  • Please log in to reply
16 replies to this topic

#1 charlesswiss

charlesswiss

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 15 September 2008 - 03:32 PM

I have used SSD, Ad-Aware, Stinger, and have the double firewall installed that you recommended. None of the anti-virus are bringing anything up, they showed some infections before, but no longer. I used the Startup alteration tool in SSD to remove the items that I believed were the trojans and have seen vast improvement, however, the double firewall is still having to block something that is using srvchost.exe to try to connect with an outside terminal. Can you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:58 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stronglite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\QUACKE~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://ntserver:4343/officescan/console/Cl...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://ntserver:4343/officescan/console/Cl...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://ntserver:4343/officescan/console/Cl...stall/setup.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://ntserver:4343/officescan/console/Cl.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101944580468
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Acadm 6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Acadm 6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Acadm 6\InstFred.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Acadm 6\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7835 bytes

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 02:37 PM

Hello charlesswiss,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.


and have the double firewall installed that you recommended.



Please tell me who told you to install double firewalls? What firewall did you install? I can see Sygate (which is ancient and no longer supported), but dont see the other firewall.

Do you mean you have a hardware router and a software firewall?

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you have run the antivirus program, then download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 25 September 2008 - 02:44 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 02:45 PM

Are SSD and Adaware not virus protection? Also, you did not point out any viruses for me to remove or things to accomplish. I am however installing avast.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 02:51 PM

Are SSD and Adaware not virus protection?


No, they dont remove visuses or trojans. They are spyware and adware removers. You need an antivirus program in addition to Spybot and Adaware for complete protection.

Also, you did not point out any viruses for me to remove or things to accomplish. I am however installing avast.


Yes, you are correct. :thumbsup:

Running AVAST antivirus is the only first step of many steps.

Read my previous post again, as I just edited it and added a program to run.

Edited by SifuMike, 25 September 2008 - 02:51 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 03:08 PM

Hi charlesswiss,

Here is the Avast Home Editon User Manual:

http://www.avast.com/eng/download-user-guides.html

It is in PDF format.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 03:57 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:50 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stronglite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://ntserver:4343/officescan/console/Cl...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://ntserver:4343/officescan/console/Cl...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://ntserver:4343/officescan/console/Cl...stall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://ntserver:4343/officescan/console/Cl.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101944580468
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Acadm 6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Acadm 6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Acadm 6\InstFred.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Acadm 6\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7883 bytes
Malwarebytes' Anti-Malware 1.28
Database version: 1205
Windows 5.1.2600 Service Pack 3

9/25/2008 2:51:48 PM
mbam-log-2008-09-25 (14-51-48).txt

Scan type: Quick Scan
Objects scanned: 51381
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 04:08 PM

Hi charles,

and have the double firewall installed that you recommended.



Please tell me who told you to install double firewalls?
What firewall(s) did you install, besides Sygate?

Do you mean you have a hardware router and a software firewall (Sygate)?


I am not seeing much in your log, but we can dig deeper. :thumbsup:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 2 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized). info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 04:17 PM

First, Sygate and Window's crappy version of firewall make two. Side note: Sygate has slowed things down significantly. Then, adding Avast with its monitoring system is slowing things down even more. Suggestions?

Next, using the avast deleted the items that I had been trying to delete out of System 32 for the longest time. Out of curiosity, how do they replace themselves with a different name and file extension when you are disconnected from the internet?

Finally, I think that that took care of things, but to be on the safe side, here are the two files requested.
Logfile of random's system information tool 1.02 (written by random/random)
Run by quackenbushd at 2008-09-25 15:11:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (48%) free of 38 GB
Total RAM: 1015 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:50 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\quackenbushd\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\quackenbushd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stronglite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://ntserver:4343/officescan/console/Cl...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://ntserver:4343/officescan/console/Cl...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://ntserver:4343/officescan/console/Cl...stall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://ntserver:4343/officescan/console/Cl.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101944580468
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Acadm 6\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Acadm 6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Acadm 6\InstFred.ocx
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Acadm 6\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8030 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Daily.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-12-05 1885464]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\quackenbushd\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"\\ntserver\APPS\macsql\pwe.exe"="\\ntserver\APPS\macsql\pwe.exe:LocalSubNet:Enabled:Progression Workflow Explorer"
"\\ntserver\APPS\macsql\VBMACEXE.EXE"="\\ntserver\APPS\macsql\VBMACEXE.EXE:*:Enabled:VBMACEXE.EXE"
"\\ntserver\APPS\goldmine\gmw6.exe"="\\ntserver\APPS\goldmine\gmw6.exe:*:Enabled:gmw6.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2008-09-25 15:11:43 ----D---- C:\rsit
2008-09-25 14:44:36 ----D---- C:\Documents and Settings\quackenbushd\Application Data\Malwarebytes
2008-09-25 14:44:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 14:44:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 13:48:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-25 13:48:21 ----D---- C:\Program Files\Alwil Software
2008-09-19 08:25:14 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-09-16 14:44:34 ----RHD---- C:\AHCache
2008-09-16 14:43:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-15 14:14:21 ----D---- C:\Program Files\Trend Micro
2008-09-15 12:53:09 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-09-15 12:53:05 ----D---- C:\Program Files\Sygate
2008-09-11 17:04:05 ----SHD---- C:\RECYCLER
2008-09-11 16:34:02 ----D---- C:\WINDOWS\temp
2008-09-11 16:34:01 ----A---- C:\ComboFix.txt
2008-09-11 16:29:44 ----A---- C:\Boot.bak
2008-09-11 16:29:34 ----D---- C:\cmdcons
2008-09-11 15:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 15:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-11 11:40:58 ----D---- C:\WINDOWS\erdnt
2008-09-11 11:39:44 ----D---- C:\QooBox
2008-09-11 11:39:35 ----A---- C:\WINDOWS\zip.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\VFind.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\swsc.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\swreg.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\sed.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\grep.exe
2008-09-11 11:39:35 ----A---- C:\WINDOWS\fdsv.exe
2008-09-10 16:32:15 ----A---- C:\WINDOWS\system32\53ea7d13-.txt
2008-09-09 11:52:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 11:50:38 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-05 11:50:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-05 11:50:37 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-05 11:37:15 ----D---- C:\Program Files\Microsoft Works
2008-09-05 11:37:02 ----D---- C:\Program Files\MSBuild
2008-09-05 11:36:37 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-05 11:35:26 ----D---- C:\Program Files\Microsoft.NET
2008-09-05 11:32:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-09-05 11:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-28 09:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-27 13:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-27 13:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-27 13:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-27 13:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-27 13:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-27 13:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-27 13:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-27 13:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-27 13:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-27 13:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-27 13:09:42 ----D---- C:\WINDOWS\system32\scripting
2008-08-27 13:09:41 ----D---- C:\WINDOWS\l2schemas
2008-08-27 13:09:40 ----D---- C:\WINDOWS\system32\en
2008-08-27 13:09:40 ----D---- C:\Program Files\msn
2008-08-27 12:51:23 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-08-27 12:51:19 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-08-27 12:51:17 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-27 12:51:17 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-27 12:51:12 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-08-27 12:51:12 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-08-27 12:50:58 ----A---- C:\WINDOWS\system32\setupn.exe
2008-08-27 12:50:54 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-27 12:50:52 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-08-27 12:50:52 ----A---- C:\WINDOWS\system32\qutil.dll
2008-08-27 12:50:51 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-08-27 12:50:51 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-08-27 12:50:50 ----A---- C:\WINDOWS\system32\qagent.dll
2008-08-27 12:50:49 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-27 12:50:46 ----A---- C:\WINDOWS\system32\onex.dll
2008-08-27 12:50:37 ----A---- C:\WINDOWS\system32\napstat.exe
2008-08-27 12:50:37 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-08-27 12:50:37 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-08-27 12:50:36 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-08-27 12:50:36 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-08-27 12:50:33 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-27 12:50:33 ----A---- C:\WINDOWS\system32\mssha.dll
2008-08-27 12:50:17 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-08-27 12:50:17 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-27 12:50:17 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-08-27 12:50:17 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-27 12:50:04 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-27 12:50:04 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-08-27 12:50:04 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-08-27 12:50:03 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-27 12:50:03 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-27 12:50:03 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-27 12:49:37 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-27 12:49:35 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-08-27 12:49:34 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-08-27 12:49:34 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-27 12:49:33 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-27 12:49:31 ----A---- C:\WINDOWS\system32\credssp.dll
2008-08-27 12:49:27 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-27 12:49:26 ----A---- C:\WINDOWS\system32\azroles.dll
2008-08-27 12:49:21 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-08-15 17:05:17 ----D---- C:\Documents and Settings\quackenbushd\Application Data\gtk-2.0
2008-08-15 17:01:25 ----D---- C:\Program Files\GIMP-2.0
2008-08-15 13:44:46 ----D---- C:\Program Files\ImageConverter Plus
2008-08-13 17:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-13 17:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-13 17:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 17:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-13 17:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 17:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-13 17:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$

======List of files/folders modified in the last 2 months======

2008-09-25 15:10:04 ----D---- C:\Program Files\Mozilla Firefox
2008-09-25 14:44:33 ----D---- C:\WINDOWS\system32\drivers
2008-09-25 14:44:31 ----RD---- C:\Program Files
2008-09-25 14:39:07 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-25 14:36:31 ----D---- C:\WINDOWS\system32\config
2008-09-25 14:35:32 ----D---- C:\WINDOWS\system32
2008-09-25 14:28:58 ----D---- C:\WINDOWS
2008-09-25 13:37:53 ----A---- C:\WINDOWS\OEACKFRM.INI
2008-09-25 13:31:20 ----A---- C:\WINDOWS\MACOLA7.INI
2008-09-25 13:31:17 ----A---- C:\WINDOWS\VTOOLS.INI
2008-09-25 12:55:04 ----SHD---- C:\WINDOWS\Installer
2008-09-25 12:54:46 ----HD---- C:\WINDOWS\inf
2008-09-25 12:54:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-25 12:54:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-25 12:54:44 ----D---- C:\Program Files\Common Files
2008-09-25 12:53:57 ----SD---- C:\Documents and Settings\quackenbushd\Application Data\Microsoft
2008-09-25 12:36:21 ----D---- C:\WINDOWS\system32\Restore
2008-09-25 12:36:11 ----SHD---- C:\System Volume Information
2008-09-25 10:14:32 ----A---- C:\WINDOWS\ODBC.INI
2008-09-24 17:16:28 ----D---- C:\Documents and Settings\quackenbushd\Application Data\uTorrent
2008-09-23 17:20:41 ----A---- C:\WINDOWS\BRWMARK.INI
2008-09-18 12:48:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 12:37:23 ----D---- C:\WINDOWS\Help
2008-09-16 15:30:35 ----SD---- C:\WINDOWS\Tasks
2008-09-16 14:55:26 ----D---- C:\WINDOWS\hpOEMurl
2008-09-16 14:55:25 ----D---- C:\WINDOWS\Minidump
2008-09-15 10:10:30 ----A---- C:\WINDOWS\win.ini
2008-09-15 10:09:55 ----RSD---- C:\WINDOWS\assembly
2008-09-15 10:08:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-11 16:31:18 ----A---- C:\WINDOWS\system.ini
2008-09-11 16:30:53 ----D---- C:\WINDOWS\AppPatch
2008-09-11 16:29:44 ----RASH---- C:\boot.ini
2008-09-11 15:21:21 ----D---- C:\WINDOWS\WinSxS
2008-09-11 15:20:33 ----A---- C:\WINDOWS\imsins.BAK
2008-09-11 14:46:00 ----A---- C:\WINDOWS\OEINVFRM.INI
2008-09-11 13:17:27 ----D---- C:\WINDOWS\Registration
2008-09-11 11:21:52 ----A---- C:\WINDOWS\wininit.ini
2008-09-11 10:48:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-10 15:59:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-09 11:53:29 ----D---- C:\Program Files\Lavasoft
2008-09-09 11:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 11:33:33 ----D---- C:\Program Files\Panda Security
2008-09-05 11:41:11 ----D---- C:\WINDOWS\SHELLNEW
2008-09-05 11:40:58 ----D---- C:\Program Files\Common Files\System
2008-09-05 11:36:44 ----D---- C:\Program Files\Microsoft Office
2008-09-05 11:36:37 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-05 11:35:52 ----RSD---- C:\WINDOWS\Fonts
2008-08-28 09:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-27 13:20:25 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-08-27 13:19:30 ----A---- C:\WINDOWS\setuplog.txt
2008-08-27 13:18:58 ----D---- C:\WINDOWS\system32\wbem
2008-08-27 13:18:58 ----D---- C:\WINDOWS\system32\Setup
2008-08-27 13:17:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-27 13:16:03 ----D---- C:\Program Files\Messenger
2008-08-27 13:15:44 ----D---- C:\WINDOWS\security
2008-08-27 13:09:51 ----D---- C:\WINDOWS\network diagnostic
2008-08-27 13:09:51 ----D---- C:\WINDOWS\ime
2008-08-27 13:09:42 ----D---- C:\WINDOWS\system32\usmt
2008-08-27 13:09:42 ----D---- C:\WINDOWS\system32\en-US
2008-08-27 13:09:39 ----D---- C:\WINDOWS\system32\bits
2008-08-27 13:09:39 ----D---- C:\WINDOWS\peernet
2008-08-27 13:09:39 ----D---- C:\Program Files\Movie Maker
2008-08-27 13:07:33 ----D---- C:\WINDOWS\system32\npp
2008-08-27 13:07:33 ----D---- C:\WINDOWS\mui
2008-08-27 13:07:33 ----D---- C:\WINDOWS\msagent
2008-08-27 13:07:31 ----D---- C:\WINDOWS\srchasst
2008-08-27 13:07:29 ----D---- C:\Program Files\NetMeeting
2008-08-27 13:07:28 ----D---- C:\WINDOWS\system32\Com
2008-08-27 13:07:23 ----D---- C:\Program Files\Windows NT
2008-08-27 13:07:23 ----D---- C:\Program Files\Windows Media Player
2008-08-27 13:07:22 ----D---- C:\Program Files\Outlook Express
2008-08-27 13:06:40 ----D---- C:\WINDOWS\system32\oobe
2008-08-27 13:06:38 ----D---- C:\WINDOWS\system
2008-08-27 13:03:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-27 13:00:09 ----D---- C:\WINDOWS\EHome
2008-08-27 12:27:04 ----D---- C:\WINDOWS\Debug
2008-08-27 10:20:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-26 14:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-13 17:31:28 ----D---- C:\Program Files\Internet Explorer
2008-08-13 11:33:39 ----A---- C:\WINDOWS\OEQTEFRM.INI
2008-08-07 10:28:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 15:16:51 ----D---- C:\Documents and Settings\quackenbushd\Application Data\Adobe
2008-07-28 15:15:26 ----D---- C:\WINDOWS\system32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [2003-02-05 50816]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\System32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-07 717296]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 Symmpi;Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [2002-04-04 28416]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.02 2008-09-25 15:11:55

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.32-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.1.0 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD Mechanical 6 Migration Assistance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Acadm 6\acadm\migration\DeIsL1.isu"
AutoCAD Mechanical 6-->MsiExec.exe /I{5783F2D7-0105-0409-0000-0060B0CE6BBA}
Autodesk Learning Assistance-->"C:\Program Files\Autodesk Learning Assistance\ala.exe" /uninstall
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{750DFF5E-C559-11D4-A441-00B0D0436EE7}\Setup.exe"
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Fujitsu COBOL Free Run-time-->MsiExec.exe /I{D613E094-CA9D-4D73-B389-FC35D63C21DC}
Genuine Fractals 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
Pervasive System Analyzer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL V8 Client (v8.5)-->MsiExec.exe /I{8DE55D9F-D950-4555-AA48-7131C07A601B}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Software Setup-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser-->"C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080925-0]
FW: Sygate Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Fujitsu\COBOL;C:\PVSW\BIN;C:\PROGRA~1\COMMON~1\FUJITSU\COBOL;C:\Program Files\Common Files\Macola Shared;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSL"=C:\PVSW\bin
"CLASSPATH"=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc.jar;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"MIGO_DRIVE"=E
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 04:39 PM

Hi charles,

First, Sygate and Window's crappy version of firewall make two.
Side note: Sygate has slowed things down significantly. Then, adding Avast with its monitoring system is slowing things down even more. Suggestions?


You have TWO firewall running at the same time, Windows Firewall and Sygate firewall. :)

Who told you to do that? :thumbsup:

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Turn off the Windows firewall:
How to turn off the Windows Firewall
http://www.utmem.edu/helpdesk/sp2/sp2firewall.htm

See if that improves the slowness.

I recommend you get rid of Sygate, as it was taken over by Symantec seveal yeras ago and they immedately stopped all support on it.
Here are five free firewalls available for personal use. If one conflicts with your system, try another.

You Need a (Properly Configured) Firewall
Understanding and Using Firewalls


Comodo Firewall Pro
Comodo Firewall Pro user guide

Online Armor Free

Sunbelt Kerio Firewall

Outpost Firewall Free

ZoneAlarm
ZoneAlarm Manual http://download.zonelabs.com/bin/media/pdf/ZAP40_manual.pdf

Remember, only install one firewall, as two or more will slow your computer and cause major problems.



Next, using the avast deleted the items that I had been trying to delete out of System 32 for the longest time.


Good. :) But you should be quarentining, not deleting, the viruses it finds.
You probably had many viruses and trojans on your computer and most of them should be gone now.

Virtumonde, Vundo, New Trojan, No anti-virus is working for whatever I have

.
What was program(s) is finding Vundo or virtumonde on your computer?
Spybot or Adaware?



I see you ran ComboFix! :) Who told you to run that?

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

Edited by SifuMike, 25 September 2008 - 05:14 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 05:14 PM

Avast has a scanner and the firewall is constantly scanning in and outbound. Do I need both running?
All that has been found on my computer so far have been trojans, virtumonde and avast found win32 something during startup scan.
Duelly noted on the Combo Fix.
Why Quarantining instead of Deleting?
Which firewall would you choose?

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 05:26 PM

Avast has a scanner and the firewall is constantly scanning in and outbound. Do I need both running?

Yes. You need both running.
I can see you dont understand the funtion of a firewall and a antivirus. :)
Firewall scans both incoming and outgoing packets and ask for your approval - like a doorman. It is your first line of defense.

Avast has a virus scanner running in the background. This is NOT the same as a firewall.



All that has been found on my computer so far have been trojans, virtumonde and avast found win32 something during startup scan.


Yes, but I asked you what programs found the vundo, virtumonde?


Duelly noted on the Combo Fix.


I dont understand you. Please explain. What was noted on the ComboFix?
Why did you run ComboFix without supervision. :thumbsup:

Why Quarantining instead of Deleting?


If Avast finds a false postive, then you can restore it from quarentine. If you delete it then it is gone for good and you are out of luck.


Which firewall would you choose?


Comodo Firewall is what I use.

Edited by SifuMike, 25 September 2008 - 05:29 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 05:37 PM

I read the article that you added on the last post and it was amazing. I understand the av and fw thing now.
I guess I misunderstood your question. SSD found the Virtumonde.
As far as the combo fix, I was saying that I won't use it again. Noone told me to use it. I used it after reading hours and hours of threads from your website and seeing that the symptoms that I had most closely resembled the ones that ComboFix fixed. So, I followed the directions, found my version of XP dl'd and ran.
Brilliant on the Quarantining. Assuming you have someone nice to help you figure out which is which, like you. :thumbsup: :)
I will uninstall Sygate and install Comodo. Have you seen anything else suspicious?

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 05:43 PM

Is SDD still finding Virtumonde or Vundo?

BTW, what version of Spybot and Ad-aware are you now running?


I am still looking at your RSIT logs and anlyzing takes some time. Be back as soon as I can. :thumbsup:
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 charlesswiss

charlesswiss
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 September 2008 - 06:09 PM

I just ran SDD and it found nothing.
I always get the updates for SDD and I installed the latest version three months ago.
I updated Adaware something like two weeks ago.
Thank you for all of your help. I will be waiting for what looks like it might be your last reply.

#15 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 September 2008 - 08:46 PM

Hi charles,


Download Deckard's Association File Tool  daft.exe and save it to your desktop.
Double click on it and click Run.
Click on the Scan button.
If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (in your case .scr).
Click the Fix button.

*******************************************

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following by double-clicking on the following entries:
Java 6 Update 6
Ad-Aware SE Personal
Spybot - Search & Destroy 1.5.2.20


BTW, check you versions of AdAware and Spybot.
The latest version of Adaware and Spybot are Ad-aware 2008 free and Spybot 1.6.0

*******************************************

Download CCleaner and install it. (default location is best). Do not run it yet!

Beginners Guide to CCleaner

*******************************************


Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -


Close all browsers and other windows except for HijackThis, and click "Fix checked"


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues or Registry button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Autocomplete Forum History.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section except for Start Menu Shortcuts and Desktop Shortcuts.
Clean any others that you choose.

In the Applications Tab:
Clean all including cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot your computer, post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users