
Still Infected.


  • This topic is locked
9 replies to this topic

#1 BreeNeva


  • Members
  • 5 posts

Posted 18 September 2008 - 02:33 PM

I was recently infected with Zedo and Internet Speed Monitor and possibly Virtumonde. When I was infected, AVG popped up with a trojan warning, so I tried to heal them; some worked, others did not. I scanned with Ad-Aware, Spybot, SuperAntiSpyware, and AVG. All of them found tracking cookies and/or trojans. After scanning and removing all the infections I no longer have random pop-ups, but I still get errors when starting up that a specified module in windows32 could not be found (all of them were .dll files; I had them written down but I can't find the paper now). My main concern, though, is that every once in a while my desktop will disappear: all my desktop shortcuts vanish and my start menu bar is gone, and all I am able to see is the desktop picture. I've tried clicking the Windows button on my keyboard but it doesn't open the start menu. All the windows that were open stay open, but if I minimize them they disappear as well. I've tried running all the before-mentioned programs every day, but they still show multiple tracking cookies and trojans and I am constantly removing them. It's a never-ending cycle.

Any help would be appreciated. :thumbsup:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:33 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EAC4F217-6F16-43E2-BBF2-61BC3080DE53} - C:\WINDOWS\system32\wvUljJyx.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [b07ae456] rundll32.exe "C:\WINDOWS\system32\ugxddsdk.dll",b
O4 - HKLM\..\Run: [BMb349d7ca] Rundll32.exe "C:\WINDOWS\system32\ueswohhk.dll",s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134828037711
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1EF63-12CF-4BFF-A657-8C6CDD8B8BC4}: NameServer = 65.32.5.74,65.32.5.75
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll bpacsc.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10140 bytes

EDIT: I forgot to change my topic name. So very sorry.

Edited by BreeNeva, 18 September 2008 - 02:42 PM.




#2 Farbar


    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 18 September 2008 - 04:47 PM

Hi BreeNeva,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system, as it might prolong handling your log and make the job for both of us more difficult.
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note: The logs will be created in this folder: C:\rsit


#3 BreeNeva

  • Topic Starter

  • Members
  • 5 posts

Posted 18 September 2008 - 06:01 PM

Everything seemed to go smoothly. Restarted after Malwarebytes prompted me.


Malwarebytes' Anti-Malware 1.28
Database version: 1171
Windows 5.1.2600 Service Pack 3

9/18/2008 6:43:02 PM
mbam-log-2008-09-18 (18-43-02).txt

Scan type: Quick Scan
Objects scanned: 47851
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ugxddsdk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b07ae456 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VnrBlock20 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb349d7ca (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\OINAnalytics (Trojan.Agent) -> Delete on reboot.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kgpllsyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oysllpgk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugxddsdk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kdsddxgu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\osvlic.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjosyj(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\impxqmuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jepspu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltgmwrhu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwitwciv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wedstqgn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynxgfxrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdakfm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jtglavfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb349d7ca.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb349d7ca.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.02 (written by random/random)
Run by Administrator at 2008-09-18 18:53:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (41%) free of 30 GB
Total RAM: 958 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:13 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/170063/still-infected/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EAC4F217-6F16-43E2-BBF2-61BC3080DE53} - C:\WINDOWS\system32\wvUljJyx.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134828037711
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1EF63-12CF-4BFF-A657-8C6CDD8B8BC4}: NameServer = 65.32.5.74,65.32.5.75
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll bpacsc.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9859 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1219112089.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAC4F217-6F16-43E2-BBF2-61BC3080DE53}]
C:\WINDOWS\system32\wvUljJyx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-06-11 176128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-17 77824]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe []
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll bpacsc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUljJyx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Global Star Software\Final Stretch\GameHR.exe"="C:\Program Files\Global Star Software\Final Stretch\GameHR.exe:*:Enabled:GameHR"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-09-18 18:53:39 ----D---- C:\rsit
2008-09-18 18:33:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-18 18:32:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 18:32:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 17:11:09 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-09-16 17:11:04 ----D---- C:\Program Files\Sygate
2008-09-16 10:56:58 ----ASH---- C:\WINDOWS\system32\ENopYcdd.ini2
2008-09-16 10:56:58 ----ASH---- C:\WINDOWS\system32\ENopYcdd.ini
2008-09-15 17:46:03 ----D---- C:\Program Files\Panda Security
2008-09-15 10:15:58 ----SH---- C:\WINDOWS\system32\bxdmmoeh.ini
2008-09-14 22:49:57 ----A---- C:\WINDOWS\wininit.ini
2008-09-14 20:53:37 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 20:53:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-14 20:53:08 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-14 20:52:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 17:24:48 ----D---- C:\Program Files\Trend Micro
2008-09-14 11:22:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-14 09:38:48 ----SH---- C:\WINDOWS\system32\uyweribv.ini
2008-09-13 21:33:29 ----A---- C:\WINDOWS\system32\bb592028-.txt
2008-09-13 21:31:10 ----ASH---- C:\WINDOWS\system32\xyJjlUvw.ini2
2008-09-13 21:31:08 ----ASH---- C:\WINDOWS\system32\xyJjlUvw.ini
2008-09-13 17:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-09-12 20:06:53 ----D---- C:\Program Files\MagicISO
2008-09-12 03:08:07 ----D---- C:\Program Files\MSXML 4.0
2008-09-10 22:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-10 22:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-09-10 22:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-09-10 22:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 20:09:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-10 20:04:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-09-10 20:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-10 20:00:04 ----D---- C:\Program Files\Nero
2008-09-10 20:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 20:00:02 ----D---- C:\Program Files\Common Files\Ahead
2008-09-09 16:01:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-09 16:00:33 ----D---- C:\Program Files\Windows Media Connect 2
2008-09-09 16:00:18 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-09 15:57:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-08 16:29:22 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-09-08 16:06:35 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-08 16:01:22 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-08 15:08:34 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-08 15:08:28 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-08 15:03:59 ----D---- C:\Program Files\Red Mile Entertainment
2008-09-07 11:08:53 ----HD---- C:\$AVG8.VAULT$
2008-09-05 22:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 09:56:21 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-04 09:55:19 ----D---- C:\WINDOWS\Prefetch
2008-09-04 09:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 09:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 09:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 09:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 09:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 09:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 09:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 09:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 09:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 09:45:01 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 09:44:59 ----D---- C:\WINDOWS\l2schemas
2008-09-04 09:44:58 ----D---- C:\WINDOWS\system32\en
2008-09-04 08:45:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 08:45:12 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 08:45:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 08:45:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 08:45:00 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 08:45:00 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 08:44:46 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 08:44:41 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 08:44:39 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 08:44:38 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 08:44:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 08:44:31 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 08:44:20 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 08:44:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 08:44:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 08:44:18 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 08:44:18 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 08:44:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 08:44:15 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 08:43:59 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 08:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 08:43:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 08:43:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 08:43:03 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-04 08:43:03 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-04 08:42:43 ----A---- C:\WINDOWS\005706_.tmp
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 08:42:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 08:42:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 08:42:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 08:42:15 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-24 20:19:47 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-08-20 10:45:28 ----D---- C:\WINDOWS\Sun
2008-08-20 10:45:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-08-19 22:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-08-19 22:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-19 22:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-19 22:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-19 22:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-08-19 22:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-19 22:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-08-19 22:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-08-19 22:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-19 22:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-19 22:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-19 22:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-19 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-19 22:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-08-19 12:24:27 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-19 12:24:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-19 11:57:37 ----D---- C:\Program Files\CCleaner
2008-08-19 10:51:59 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2008-08-19 10:51:58 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-08-19 10:47:23 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-19 10:34:10 ----D---- C:\Program Files\Bonjour
2008-08-19 10:22:04 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-08-19 10:14:07 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\java.exe
2008-08-19 10:05:55 ----D---- C:\Program Files\Java
2008-08-19 10:03:20 ----D---- C:\Program Files\Common Files\Java
2008-08-19 09:55:46 ----D---- C:\Program Files\LimeWire
2008-08-19 09:39:58 ----D---- C:\WINDOWS\system32\WTablet
2008-08-19 09:39:57 ----N---- C:\WINDOWS\system32\Wintab32.dll
2008-08-19 09:39:56 ----N---- C:\WINDOWS\system32\Tablet.exe
2008-08-19 09:39:54 ----D---- C:\Program Files\Tablet
2008-08-19 09:27:01 ----D---- C:\Program Files\Microsoft LifeCam
2008-08-19 09:18:02 ----A---- C:\WINDOWS\system32\muweb.dll
2008-08-19 09:18:02 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-19 09:18:01 ----A---- C:\WINDOWS\system32\mucltui.dll

======List of files/folders modified in the last 1 months======

2008-09-18 18:54:13 ----D---- C:\WINDOWS\Temp
2008-09-18 18:47:12 ----D---- C:\WINDOWS
2008-09-18 18:46:54 ----D---- C:\WINDOWS\system32
2008-09-18 18:45:10 ----RD---- C:\Program Files
2008-09-18 18:45:09 ----D---- C:\WINDOWS\system32\drivers
2008-09-18 18:44:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-18 13:39:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-18 09:41:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 17:11:08 ----SHD---- C:\WINDOWS\Installer
2008-09-15 17:46:03 ----HD---- C:\WINDOWS\inf
2008-09-14 22:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 22:49:54 ----D---- C:\Program Files\Common Files
2008-09-14 21:42:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 19:36:24 ----ASH---- C:\boot.ini
2008-09-14 19:36:24 ----A---- C:\WINDOWS\win.ini
2008-09-14 19:36:24 ----A---- C:\WINDOWS\system.ini
2008-09-14 17:50:46 ----D---- C:\WINDOWS\pss
2008-09-13 22:05:38 ----D---- C:\WINDOWS\system32\config
2008-09-13 22:05:20 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 22:05:20 ----D---- C:\WINDOWS\Registration
2008-09-13 21:45:36 ----D---- C:\WINDOWS\system32\Restore
2008-09-13 21:25:55 ----D---- C:\WINDOWS\Minidump
2008-09-13 17:29:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-13 08:38:36 ----D---- C:\WINDOWS\Debug
2008-09-12 20:12:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-12 15:09:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-12 03:08:07 ----D---- C:\WINDOWS\WinSxS
2008-09-11 13:31:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-10 20:09:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-09 16:00:32 ----D---- C:\Program Files\Windows Media Player
2008-09-09 16:00:28 ----D---- C:\WINDOWS\Help
2008-09-09 15:57:54 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-08 16:28:49 ----D---- C:\Program Files\WinRAR
2008-09-08 15:08:12 ----D---- C:\WINDOWS\system32\DirectX
2008-09-05 09:25:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 10:05:15 ----D---- C:\Program Files\MSN Messenger
2008-09-04 09:57:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-04 09:54:42 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 09:54:42 ----D---- C:\WINDOWS\AppPatch
2008-09-04 09:54:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-04 09:53:41 ----D---- C:\WINDOWS\security
2008-09-04 09:51:18 ----D---- C:\Program Files\Messenger
2008-09-04 09:45:22 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-04 09:45:22 ----D---- C:\WINDOWS\network diagnostic
2008-09-04 09:45:22 ----D---- C:\WINDOWS\ime
2008-09-04 09:45:02 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 09:45:02 ----D---- C:\WINDOWS\system32\en-US
2008-09-04 09:44:58 ----D---- C:\WINDOWS\system32\bits
2008-09-04 09:44:57 ----D---- C:\WINDOWS\peernet
2008-09-04 09:44:57 ----D---- C:\Program Files\Movie Maker
2008-09-04 09:39:39 ----D---- C:\WINDOWS\system32\npp
2008-09-04 09:39:37 ----D---- C:\WINDOWS\msagent
2008-09-04 09:39:35 ----D---- C:\WINDOWS\srchasst
2008-09-04 09:39:34 ----D---- C:\Program Files\NetMeeting
2008-09-04 09:39:32 ----D---- C:\WINDOWS\system32\Com
2008-09-04 09:39:28 ----D---- C:\Program Files\Windows NT
2008-09-04 09:39:28 ----D---- C:\Program Files\Outlook Express
2008-09-04 09:39:24 ----D---- C:\Program Files\Common Files\System
2008-09-04 09:38:59 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 09:38:57 ----D---- C:\WINDOWS\system
2008-09-04 09:35:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-04 09:34:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 09:29:44 ----D---- C:\WINDOWS\EHome
2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-22 10:56:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-22 10:36:52 ----D---- C:\Program Files\Windows Live
2008-08-19 22:43:10 ----D---- C:\WINDOWS\ie7updates
2008-08-19 11:15:21 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-08-19 11:04:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-19 10:36:19 ----D---- C:\Program Files\Adobe
2008-08-19 10:34:07 ----D---- C:\Program Files\Common Files\Adobe
2008-08-19 09:32:01 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-19 09:31:51 ----SD---- C:\WINDOWS\Tasks
2008-08-19 09:31:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-25 12032]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2008-03-21 308480]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]
S3 aopnssyi;aopnssyi; C:\WINDOWS\system32\drivers\aopnssyi.sys []
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Viaitsy;Viaitsy; C:\WINDOWS\system32\drivers\Viaitsy.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-05 753664]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-17 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-19 654848]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.02 2008-09-18 18:54:20

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite-->C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{06C32EA0-4A22-4919-979A-8700715865B8}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Display Driver 6.14.10.0099-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: Sygate Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:24 AM

Posted 19 September 2008 - 04:06 AM

Well done and thanks for the feedback. :thumbsup:


Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Removal Instructions

  • Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if they exist:

    Viewpoint Manager, Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Instructions to install the Recovery Console:

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    Download the file & save it as it's originally named, next to ComboFix.exe.

    Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please copy and paste the content of C:\ComboFix.txt for further review.

  • Please copy and paste a fresh HijackThis log to your reply.

Please post in your next reply:
  • The ComboFix log.
  • A fresh HijackThis log.


#5 BreeNeva

BreeNeva
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 19 September 2008 - 09:22 AM

Thanks for the links. I am extremely careful when I do use it, but I'm considering taking it off anyway.



ComboFix 08-09-16.05 - Administrator 2008-09-19 9:35:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.506 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bxdmmoeh.ini
C:\WINDOWS\system32\ENopYcdd.ini
C:\WINDOWS\system32\ENopYcdd.ini2
C:\WINDOWS\system32\uyweribv.ini
C:\WINDOWS\system32\xyJjlUvw.ini
C:\WINDOWS\system32\xyJjlUvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-18 18:53 . 2008-09-18 18:54 d-------- C:\rsit
2008-09-18 18:33 . 2008-09-18 18:33 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-18 18:33 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-18 18:33 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-18 18:32 . 2008-09-18 18:33 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 18:32 . 2008-09-18 18:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 17:11 . 2008-09-16 17:11 d-------- C:\Program Files\Sygate
2008-09-16 17:11 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-09-16 17:11 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-09-16 17:11 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-09-16 17:11 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-09-16 17:11 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-09-16 17:11 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-09-16 17:11 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-15 17:46 . 2008-09-15 17:46 d-------- C:\Program Files\Panda Security
2008-09-15 17:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-15 12:34 . 2008-09-15 17:39 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-14 22:49 . 2008-09-16 13:44 315 --a------ C:\WINDOWS\wininit.ini
2008-09-14 20:53 . 2008-09-14 20:53 d-------- C:\Program Files\SUPERAntiSpyware
2008-09-14 20:53 . 2008-09-14 20:53 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 20:53 . 2008-09-14 20:53 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-14 20:52 . 2008-09-14 20:52 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 17:24 . 2008-09-14 17:24 d-------- C:\Program Files\Trend Micro
2008-09-14 11:22 . 2008-09-14 11:22 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-12 20:06 . 2008-09-12 20:09 d-------- C:\Program Files\MagicISO
2008-09-12 03:08 . 2008-09-12 03:08 d-------- C:\Program Files\MSXML 4.0
2008-09-10 20:04 . 2008-09-10 20:04 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-09-10 20:03 . 2008-09-10 20:03 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-10 20:00 . 2008-09-10 20:00 d-------- C:\Program Files\Nero
2008-09-10 20:00 . 2008-09-10 20:02 d-------- C:\Program Files\Common Files\Ahead
2008-09-10 20:00 . 2008-09-10 20:00 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-09 16:00 . 2008-09-09 16:00 d-------- C:\Program Files\Windows Media Connect 2
2008-09-08 16:06 . 2008-09-08 16:06 d-------- C:\Program Files\DAEMON Tools Lite
2008-09-08 16:01 . 2008-09-08 16:01 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-08 15:03 . 2008-09-08 15:03 d-------- C:\Program Files\Red Mile Entertainment
2008-09-07 11:08 . 2008-09-18 12:57 d--h----- C:\$AVG8.VAULT$
2008-09-04 09:56 . 2008-04-13 20:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-04 09:45 . 2008-09-04 09:45 d-------- C:\WINDOWS\system32\scripting
2008-09-04 09:44 . 2008-09-04 09:44 d-------- C:\WINDOWS\system32\en
2008-09-04 09:44 . 2008-09-04 09:44 d-------- C:\WINDOWS\l2schemas
2008-09-04 08:44 . 2006-11-01 18:31 1,669,120 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-09-04 08:43 . 2008-04-13 20:12 786,432 -----c--- C:\WINDOWS\system32\dllcache\migrate.exe
2008-09-04 08:42 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-24 20:19 . 2008-08-24 20:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-24 18:28 . 2008-09-19 09:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-24 18:28 . 2008-09-19 09:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-20 10:45 . 2008-08-20 10:45 d-------- C:\WINDOWS\Sun
2008-08-19 12:24 . 2008-08-22 10:34 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-19 12:24 . 2008-08-22 10:11 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-19 12:09 . 2008-04-13 14:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-08-19 11:57 . 2008-08-19 11:57 d-------- C:\Program Files\CCleaner
2008-08-19 10:51 . 2008-08-19 11:14 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-08-19 10:51 . 2008-08-19 11:08 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2008-08-19 10:47 . 2008-08-19 10:47 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-19 10:34 . 2008-08-19 10:34 d-------- C:\Program Files\Bonjour
2008-08-19 10:22 . 2008-08-19 10:22 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-19 10:14 . 2008-09-13 21:37 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-08-19 10:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-19 10:05 . 2008-08-19 10:06 d-------- C:\Program Files\Java
2008-08-19 10:03 . 2008-08-19 10:03 d-------- C:\Program Files\Common Files\Java
2008-08-19 09:55 . 2008-08-19 09:57 d-------- C:\Program Files\LimeWire
2008-08-19 09:45 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-19 09:40 . 2005-12-05 16:57 1,606,746 --------- C:\WINDOWS\system32\PenTablet.znc
2008-08-19 09:40 . 2005-12-05 17:05 1,282,048 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-08-19 09:40 . 2008-09-19 09:41 336 --a------ C:\WINDOWS\system32\tablet.dat
2008-08-19 09:39 . 2008-08-19 09:39 d-------- C:\WINDOWS\system32\WTablet
2008-08-19 09:39 . 2008-08-19 09:40 d-------- C:\Program Files\Tablet
2008-08-19 09:39 . 2005-12-05 17:00 753,664 --------- C:\WINDOWS\system32\Tablet.exe
2008-08-19 09:39 . 2005-12-05 16:59 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2008-08-19 09:39 . 2005-11-29 17:50 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2008-08-19 09:35 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-19 09:35 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-19 09:34 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-19 09:27 . 2008-08-19 09:30 d-------- C:\Program Files\Microsoft LifeCam
2008-08-19 09:18 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-19 09:18 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-19 09:18 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-15 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 01:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-13 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-11 17:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 20:01 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-04 14:05 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 12:37 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-22 14:36 --------- d-----w C:\Program Files\Windows Live
2008-08-19 14:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 03:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-19 03:05 --------- d-----w C:\Program Files\Google
2008-08-19 02:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-19 02:27 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-19 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-08-19 02:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hewlett-Packard
2008-08-19 02:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-19 02:10 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-16 23:34 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-16 22:43 --------- d-----w C:\Program Files\S3
2008-08-16 22:41 --------- d-----w C:\Program Files\Driver
2008-08-16 22:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-16 22:27 --------- d-----w C:\Program Files\AVG
2008-08-16 22:23 --------- d-----w C:\Program Files\VIA
2008-08-16 21:36 --------- d-----w C:\Program Files\F-Secure
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-17 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 35328]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 C:\WINDOWS\RTHDCPL.EXE]
"VTTimer"="VTTimer.exe" [2006-09-21 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-06-11 C:\WINDOWS\system32\S3Trayp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-17 110592]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2006-04-22 221295]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-08-19 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll bpacsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-11-20 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2007-11-20 17920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 11904]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{EAC4F217-6F16-43E2-BBF2-61BC3080DE53} - C:\WINDOWS\system32\wvUljJyx.dll
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-SetDefPrt - C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
HKLM-Run-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.bleepingcomputer.com/forums/topic170063.html
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{B0F1EF63-12CF-4BFF-A657-8C6CDD8B8BC4}: NameServer = 65.32.5.74,65.32.5.75
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 09:42:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-19 9:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-19 13:51:27

Pre-Run: 12,635,770,880 bytes free
Post-Run: 13,136,175,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

258 --- E O F --- 2008-09-13 21:33:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:04 AM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/170063/still-infected/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134828037711
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1EF63-12CF-4BFF-A657-8C6CDD8B8BC4}: NameServer = 65.32.5.74,65.32.5.75
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll bpacsc.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8846 bytes

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 19 September 2008 - 10:08 AM

Your log shows that the following entry is removed:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

The startup entry pointing at ALCMTR.EXE is a "Spyware" entry related to Realtek, used silently to monitor one's actions. It is not a sinister one, and the startup entry should be removed. It can be removed without affecting the function of the Realtek software. Notice that you should not remove the file (ALCMTR.EXE) itself because it is needed for the subsequent updating of the software.
  • Please open the following file and copy/paste the content of it to your reply.

    C:\WINDOWS\system32\bb592028-.txt

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • Also tell me how your computer is running.
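The O4 entry discussed above is one of several line types in a HijackThis log that a helper checks by eye. As an added example (not code from this thread, from HijackThis or from RSIT), the Python below parses HijackThis v2 O4, O20 and O23 lines into records and applies a few triage rules of the kind used here: a Run-key value that names a bare executable such as ALCMTR.EXE or RTHDCPL.EXE instead of a full path, a Global Startup shortcut whose target HijackThis shows as `?`, every AppInit_DLLs entry, and a service logged with `Unknown owner`. The sample lines are constructed from entries of the sort posted above; the record types, function names and rules are this example's own choices, and a flag means "verify this", not "malicious" (RTHDCPL.EXE, for instance, is the Realtek HD Audio control panel and is expected on this machine).

```python
"""Parse HijackThis v2 log lines into records and apply simple triage rules.

Added example for this thread; not HijackThis or RSIT code. The sample below
is constructed from entries of the kind shown in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the removed [Alcmtr] entry plus a few lines as they
# appear in a HijackThis log (backslashes are literal, hence the raw string).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O20 - AppInit_DLLs: avgrsstx.dll bpacsc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""


@dataclass
class Entry:
    kind: str          # "O4", "O20" or "O23"
    name: str          # value name, .lnk name, DLL name or service name
    command: str       # command or path as logged ("?" when HJT could not resolve it)
    hive: str = ""     # HKLM / HKCU for Run-key values, "Startup" for shortcuts
    vendor: str = ""   # company string from an O23 line


@dataclass
class Finding:
    entry: Entry
    reason: str


# Line shapes as HijackThis v2 prints them (hypothetical but matched to the log above).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")


def parse_line(line: str) -> List[Entry]:
    """Return zero or more entries for one log line; unrelated lines give []."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        return [Entry("O4", m["name"], m["cmd"], hive=m["hive"])]
    m = STARTUP_RE.match(line)
    if m:
        return [Entry("O4", m["name"], m["cmd"], hive="Startup")]
    m = APPINIT_RE.match(line)
    if m:  # one AppInit_DLLs value can list several DLLs separated by spaces
        return [Entry("O20", dll, dll) for dll in m["dlls"].split()]
    m = SERVICE_RE.match(line)
    if m:
        return [Entry("O23", m["name"], m["cmd"], vendor=m["vendor"])]
    return []


def parse_hjt(text: str) -> List[Entry]:
    return [entry for line in text.splitlines() for entry in parse_line(line)]


def executable_of(command: str) -> str:
    """First token of a command line, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def is_absolute(path: str) -> bool:
    # Drive letter, %ENV% prefix or UNC path count as fixed locations.
    return re.match(r"^([A-Za-z]:\\|%\w+%\\|\\\\)", path) is not None


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a reviewer would want to verify; a flag is not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        if e.kind == "O4":
            exe = executable_of(e.command)
            if exe in ("", "?"):
                findings.append(Finding(e, "startup shortcut target could not be resolved"))
            elif not is_absolute(exe):
                findings.append(Finding(e, "bare executable name: located through the "
                                           "executable search order, not a fixed path"))
        elif e.kind == "O20":
            findings.append(Finding(e, "AppInit_DLLs entry: loaded into every process "
                                       "that loads user32.dll; confirm the owner"))
        elif e.kind == "O23" and e.vendor.lower() == "unknown owner":
            findings.append(Finding(e, "service binary carries no company string; verify the file"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.entry.kind} [{f.entry.name}] {f.entry.command}: {f.reason}")
```

Run stand-alone it prints one line per flagged entry from the constructed sample; pointing `parse_hjt` at a full log is a matter of reading the file instead of `SAMPLE_LOG`. The rules deliberately stay mechanical: the judgement call (is this Realtek's monitor, or something else that borrowed the name?) is still the helper's.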


#7 BreeNeva

BreeNeva
  • Topic Starter

  • Members
  • 5 posts

Posted 19 September 2008 - 10:24 AM

My computer seems to be running fine. It was slow after the reboot from ComboFix, but it's working normally now. The popups about the specified modules in Win32 did not pop up at the last reboot. Everything's running well so far.

The text file, C:\WINDOWS\system32\bb592028-.txt, is empty.



Logfile of random's system information tool 1.02 (written by random/random)
Run by Administrator at 2008-09-19 11:13:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (42%) free of 30 GB
Total RAM: 958 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:27 AM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/170063/still-infected/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134828037711
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F1EF63-12CF-4BFF-A657-8C6CDD8B8BC4}: NameServer = 65.32.5.74,65.32.5.75
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll bpacsc.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9161 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1219112089.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-06-11 176128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-17 77824]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll bpacsc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 2 months======

2008-09-19 09:51:52 ----D---- C:\WINDOWS\temp
2008-09-19 09:51:49 ----A---- C:\ComboFix.txt
2008-09-19 09:35:26 ----A---- C:\Boot.bak
2008-09-19 09:35:09 ----D---- C:\cmdcons
2008-09-19 09:34:26 ----D---- C:\WINDOWS\erdnt
2008-09-19 09:33:48 ----D---- C:\QooBox
2008-09-19 09:33:43 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\zip.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\swsc.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\sed.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\grep.exe
2008-09-19 09:33:42 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 09:33:25 ----D---- C:\ComboFix
2008-09-18 18:53:39 ----D---- C:\rsit
2008-09-18 18:33:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-18 18:32:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 18:32:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 17:11:09 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-09-16 17:11:04 ----D---- C:\Program Files\Sygate
2008-09-15 17:46:03 ----D---- C:\Program Files\Panda Security
2008-09-14 22:49:57 ----A---- C:\WINDOWS\wininit.ini
2008-09-14 20:53:37 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 20:53:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-14 20:53:08 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-14 20:52:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 17:24:48 ----D---- C:\Program Files\Trend Micro
2008-09-14 11:22:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-13 21:33:29 ----A---- C:\WINDOWS\system32\bb592028-.txt
2008-09-13 17:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-09-12 20:06:53 ----D---- C:\Program Files\MagicISO
2008-09-12 03:08:07 ----D---- C:\Program Files\MSXML 4.0
2008-09-10 22:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-10 22:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-09-10 22:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-09-10 22:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 20:09:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-10 20:04:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-09-10 20:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-10 20:00:04 ----D---- C:\Program Files\Nero
2008-09-10 20:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 20:00:02 ----D---- C:\Program Files\Common Files\Ahead
2008-09-09 16:01:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-09 16:00:33 ----D---- C:\Program Files\Windows Media Connect 2
2008-09-09 16:00:18 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-09 15:57:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-08 16:29:22 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-09-08 16:06:35 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-08 16:01:22 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-08 15:08:34 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-08 15:08:28 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-09-08 15:03:59 ----D---- C:\Program Files\Red Mile Entertainment
2008-09-07 11:08:53 ----HD---- C:\$AVG8.VAULT$
2008-09-05 22:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-04 09:56:21 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-04 09:55:19 ----D---- C:\WINDOWS\Prefetch
2008-09-04 09:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-04 09:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-04 09:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-04 09:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-04 09:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-04 09:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-04 09:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-04 09:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-04 09:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-04 09:45:01 ----D---- C:\WINDOWS\system32\scripting
2008-09-04 09:44:59 ----D---- C:\WINDOWS\l2schemas
2008-09-04 09:44:58 ----D---- C:\WINDOWS\system32\en
2008-09-04 08:45:16 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-04 08:45:12 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-04 08:45:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-04 08:45:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-04 08:45:00 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-04 08:45:00 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-04 08:44:46 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-04 08:44:41 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-04 08:44:39 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-04 08:44:38 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-04 08:44:36 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-04 08:44:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-04 08:44:31 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-04 08:44:20 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-04 08:44:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-04 08:44:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-04 08:44:18 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-04 08:44:18 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 08:44:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-04 08:44:15 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-04 08:43:59 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-04 08:43:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-04 08:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-04 08:43:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-04 08:43:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-04 08:43:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-04 08:43:03 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-04 08:43:03 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-04 08:42:43 ----A---- C:\WINDOWS\005706_.tmp
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-04 08:42:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-04 08:42:38 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-04 08:42:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-04 08:42:33 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-04 08:42:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 08:42:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-04 08:42:15 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-24 20:19:47 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-08-20 10:45:28 ----D---- C:\WINDOWS\Sun
2008-08-20 10:45:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-08-19 22:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-08-19 22:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-19 22:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-19 22:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-19 22:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-08-19 22:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-19 22:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-08-19 22:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-08-19 22:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-19 22:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-19 22:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-19 22:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-19 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-19 22:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-08-19 12:24:27 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-19 12:24:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-19 11:57:37 ----D---- C:\Program Files\CCleaner
2008-08-19 10:51:59 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2008-08-19 10:51:58 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-08-19 10:47:23 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-19 10:34:10 ----D---- C:\Program Files\Bonjour
2008-08-19 10:22:04 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-08-19 10:14:07 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-19 10:06:50 ----A---- C:\WINDOWS\system32\java.exe
2008-08-19 10:05:55 ----D---- C:\Program Files\Java
2008-08-19 10:03:20 ----D---- C:\Program Files\Common Files\Java
2008-08-19 09:55:46 ----D---- C:\Program Files\LimeWire
2008-08-19 09:39:58 ----D---- C:\WINDOWS\system32\WTablet
2008-08-19 09:39:57 ----N---- C:\WINDOWS\system32\Wintab32.dll
2008-08-19 09:39:56 ----N---- C:\WINDOWS\system32\Tablet.exe
2008-08-19 09:39:54 ----D---- C:\Program Files\Tablet
2008-08-19 09:27:01 ----D---- C:\Program Files\Microsoft LifeCam
2008-08-19 09:18:02 ----A---- C:\WINDOWS\system32\muweb.dll
2008-08-19 09:18:02 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-19 09:18:01 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-18 23:09:17 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-18 23:06:21 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-08-18 23:04:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-08-18 23:04:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-08-18 23:04:33 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-08-18 23:04:32 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-08-18 23:04:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-08-18 23:04:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-08-18 23:04:27 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-08-18 23:04:26 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-08-18 23:04:25 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-08-18 23:04:23 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-08-18 23:04:21 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-08-18 23:04:21 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-08-18 23:04:20 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-08-18 23:04:18 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-08-18 23:04:17 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-08-18 23:04:16 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-08-18 23:04:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-08-18 23:04:14 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-08-18 23:04:12 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-08-18 22:43:53 ----D---- C:\Program Files\Windows Live
2008-08-18 22:43:52 ----D---- C:\Program Files\Messenger Plus! Live
2008-08-18 22:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-08-18 22:27:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-18 22:27:01 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-08-18 22:27:01 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-18 22:27:00 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-08-18 22:25:26 ----D---- C:\Program Files\Windows Live Toolbar
2008-08-18 22:20:24 ----D---- C:\Program Files\MSN Messenger
2008-08-18 22:17:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Hewlett-Packard
2008-08-18 22:10:25 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-08-18 22:08:34 ----D---- C:\Program Files\Hewlett-Packard
2008-08-18 22:07:19 ----RA---- C:\WINDOWS\system32\HPZisn12.dll
2008-08-18 22:07:19 ----RA---- C:\WINDOWS\system32\HPZipt12.dll
2008-08-18 22:07:19 ----RA---- C:\WINDOWS\system32\HPZinw12.exe
2008-08-18 22:07:18 ----RA---- C:\WINDOWS\system32\HPZipr12.dll
2008-08-18 22:07:18 ----RA---- C:\WINDOWS\system32\HPZipm12.exe
2008-08-18 22:07:17 ----RA---- C:\WINDOWS\system32\HPZidr12.dll
2008-08-18 21:51:27 ----D---- C:\WINDOWS\ie7updates
2008-08-18 21:50:50 ----D---- C:\WINDOWS\WBEM
2008-08-18 21:50:50 ----D---- C:\WINDOWS\system32\en-US
2008-08-18 21:49:46 ----HDC---- C:\WINDOWS\ie7
2008-08-18 21:49:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-18 21:48:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-18 21:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-08-18 21:48:11 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-18 21:45:46 ----D---- C:\WINDOWS\network diagnostic
2008-08-18 21:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-08-18 21:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-08-18 18:30:33 ----RA---- C:\WINDOWS\system32\LCCoin13.dll
2008-08-18 18:30:32 ----RA---- C:\WINDOWS\system32\cVX3000.dll
2008-08-18 18:30:31 ----RA---- C:\WINDOWS\VX3000.ini
2008-08-18 18:30:31 ----RA---- C:\WINDOWS\vVX3000.exe
2008-08-18 18:30:30 ----RA---- C:\WINDOWS\VX3000.dll
2008-08-18 18:30:29 ----RA---- C:\WINDOWS\vVX3000.dll
2008-08-18 18:30:26 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-08-18 18:28:50 ----RA---- C:\WINDOWS\system32\HPZc3212.dll
2008-08-18 18:28:50 ----RA---- C:\WINDOWS\system32\hpovst08.dll
2008-08-18 18:28:50 ----RA---- C:\WINDOWS\system32\hpotscl.dll
2008-08-16 20:42:38 ----D---- C:\SMRTGAMS
2008-08-16 19:34:09 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-16 19:17:04 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-08-16 19:07:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-16 18:57:34 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-16 18:53:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2008-08-16 18:45:00 ----D---- C:\WINDOWS\system32\Lang
2008-08-16 18:42:44 ----D---- C:\Program Files\S3
2008-08-16 18:41:52 ----D---- C:\Program Files\Driver
2008-08-16 18:40:45 ----D---- C:\WINDOWS\system32\RTCOM
2008-08-16 18:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-08-16 18:40:01 ----A---- C:\WINDOWS\SkyTel.exe
2008-08-16 18:40:01 ----A---- C:\WINDOWS\RtlUpd.exe
2008-08-16 18:40:01 ----A---- C:\WINDOWS\RTLCPL.EXE
2008-08-16 18:39:58 ----A---- C:\WINDOWS\RTHDCPL.EXE
2008-08-16 18:39:58 ----A---- C:\WINDOWS\MicCal.exe
2008-08-16 18:39:58 ----A---- C:\WINDOWS\ALCWZRD.EXE
2008-08-16 18:39:58 ----A---- C:\WINDOWS\ALCMTR.EXE
2008-08-16 18:39:53 ----A---- C:\WINDOWS\HideWin.exe
2008-08-16 18:27:53 ----D---- C:\Program Files\AVG
2008-08-16 18:23:40 ----N---- C:\WINDOWS\system32\difxapi.dll
2008-08-16 18:23:40 ----D---- C:\Program Files\VIA
2008-08-16 17:40:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-08-16 17:29:21 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-16 17:26:57 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-08-16 17:26:55 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

======List of files/folders modified in the last 2 months======

2008-09-19 10:36:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-19 09:51:58 ----D---- C:\WINDOWS\system32
2008-09-19 09:51:57 ----D---- C:\WINDOWS
2008-09-19 09:51:55 ----D---- C:\WINDOWS\system32\drivers
2008-09-19 09:50:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-19 09:42:36 ----A---- C:\WINDOWS\system.ini
2008-09-19 09:40:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-19 09:39:47 ----D---- C:\WINDOWS\system32\config
2008-09-19 09:38:03 ----D---- C:\WINDOWS\AppPatch
2008-09-19 09:38:03 ----D---- C:\Program Files\Common Files
2008-09-19 09:35:26 ----RASH---- C:\boot.ini
2008-09-19 09:13:38 ----RD---- C:\Program Files
2008-09-19 09:12:37 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-18 22:17:13 ----SD---- C:\WINDOWS\Tasks
2008-09-16 17:11:08 ----SHD---- C:\WINDOWS\Installer
2008-09-15 17:46:03 ----HD---- C:\WINDOWS\inf
2008-09-14 22:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 21:42:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-14 19:36:24 ----A---- C:\WINDOWS\win.ini
2008-09-14 17:50:46 ----D---- C:\WINDOWS\pss
2008-09-13 22:05:20 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 22:05:20 ----D---- C:\WINDOWS\Registration
2008-09-13 21:45:36 ----D---- C:\WINDOWS\system32\Restore
2008-09-13 21:25:55 ----D---- C:\WINDOWS\Minidump
2008-09-13 17:29:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-13 08:38:36 ----D---- C:\WINDOWS\Debug
2008-09-12 15:09:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-12 03:08:07 ----D---- C:\WINDOWS\WinSxS
2008-09-11 13:31:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-10 20:09:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-09 16:00:32 ----D---- C:\Program Files\Windows Media Player
2008-09-09 16:00:28 ----D---- C:\WINDOWS\Help
2008-09-08 16:28:49 ----D---- C:\Program Files\WinRAR
2008-09-08 15:08:12 ----D---- C:\WINDOWS\system32\DirectX
2008-09-05 09:25:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 09:57:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-04 09:54:42 ----D---- C:\WINDOWS\system32\Setup
2008-09-04 09:54:40 ----RSD---- C:\WINDOWS\Fonts
2008-09-04 09:53:41 ----D---- C:\WINDOWS\security
2008-09-04 09:51:18 ----D---- C:\Program Files\Messenger
2008-09-04 09:45:22 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-04 09:45:22 ----D---- C:\WINDOWS\ime
2008-09-04 09:45:02 ----D---- C:\WINDOWS\system32\usmt
2008-09-04 09:44:58 ----D---- C:\WINDOWS\system32\bits
2008-09-04 09:44:57 ----D---- C:\WINDOWS\peernet
2008-09-04 09:44:57 ----D---- C:\Program Files\Movie Maker
2008-09-04 09:39:39 ----D---- C:\WINDOWS\system32\npp
2008-09-04 09:39:37 ----D---- C:\WINDOWS\msagent
2008-09-04 09:39:35 ----D---- C:\WINDOWS\srchasst
2008-09-04 09:39:34 ----D---- C:\Program Files\NetMeeting
2008-09-04 09:39:32 ----D---- C:\WINDOWS\system32\Com
2008-09-04 09:39:28 ----D---- C:\Program Files\Windows NT
2008-09-04 09:39:28 ----D---- C:\Program Files\Outlook Express
2008-09-04 09:39:24 ----D---- C:\Program Files\Common Files\System
2008-09-04 09:38:59 ----D---- C:\WINDOWS\system32\oobe
2008-09-04 09:38:57 ----D---- C:\WINDOWS\system
2008-09-04 09:35:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-04 09:34:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-04 09:29:44 ----D---- C:\WINDOWS\EHome
2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-22 10:56:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-19 11:04:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-19 10:36:19 ----D---- C:\Program Files\Adobe
2008-08-19 10:34:07 ----D---- C:\Program Files\Common Files\Adobe
2008-08-19 09:31:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-18 23:05:48 ----D---- C:\Program Files\Google
2008-08-18 23:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-08-18 22:27:04 ----D---- C:\WINDOWS\SoftwareDistribution
2008-08-18 21:55:48 ----D---- C:\Program Files\Internet Explorer
2008-08-18 21:50:43 ----D---- C:\WINDOWS\Media
2008-08-18 18:30:32 ----D---- C:\WINDOWS\twain_32
2008-08-16 19:34:26 ----D---- C:\Documents and Settings
2008-08-16 19:32:10 ----D---- C:\Drivers
2008-08-16 18:08:18 ----A---- C:\WINDOWS\ODBC.INI
2008-08-16 17:36:36 ----D---- C:\Program Files\F-Secure

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-25 12032]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2008-03-21 308480]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 a9dxb41n;a9dxb41n; C:\WINDOWS\system32\drivers\a9dxb41n.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Viaitsy;Viaitsy; C:\WINDOWS\system32\drivers\Viaitsy.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-05 753664]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-17 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-19 654848]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:24 AM

Posted 19 September 2008 - 10:48 AM

Your log looks clean.


Go to start > run and copy/paste or type next command in the field then hit enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

You may remove rsit.exe and its folder C:\rsit

You may keep MBAM and ATF cleaner.

Sometimes the Privacy, Security and other settings are altered by the malware. Check and if needed reset them to default:
  • Open Internet explorer > Tools menu > Internet options.
  • Under privacy tab press default.
  • Under security tab press default.
  • Under General tab press Delete... then Delete All. Check "Also delete files and settings stored by Add-ons" and click Yes.
Enjoy surfing!

#9 BreeNeva

BreeNeva
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 19 September 2008 - 11:29 AM

I ran the ComboFix uninstall, as you said. It asked if I should run it; I clicked "yes" and it showed a loading animation, but the folder in my C: is still there, although it is empty, and the shortcut on my desktop is still there. Is this normal?

Otherwise, thank you so much! You were a great help. :thumbsup:

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:24 AM

Posted 19 September 2008 - 12:11 PM

Remove the shortcut and the empty folder.


Glad I could help.

This thread will now be closed.
If you need this topic reopened, please send me a PM and I will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.

This applies only to the original topic starter.
Everyone else please begin a New Topic.



