Recovered from AntiSpywareXP 2009


16 replies to this topic

#1 idc
  • Members
  • 42 posts

Posted 03 November 2008 - 05:16 PM

Cleared an AntiSpywareXP2009 infection last week (thanks Budapest) and had to reinstall all internet and security programs. The computer appears to be running fine except for a Sgtray error message when I log in. I noticed the O20 - AppInit_DLLs: karna.dat in my hijackthis log and figured I better post the results, since it appears that I have a little more cleaning to do. Thanks in advance. :thumbsup:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:06 PM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 7389 bytes
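A small triage script for logs in the format posted above, added here as an example; it is not part of the thread and not code from HijackThis or RSIT. It parses the O20 AppInit_DLLs line, O23 service entries and RSIT "files created" lines and flags what a helper would look at first. The sample input is copied from the logs in this thread; the rule names, the random-name heuristic and the "same second" grouping are my own assumptions, not tool features.

```python
"""Triage helper for HijackThis (HJT) and RSIT text logs.

Added example for this thread, not code from the thread or from either tool.
Assumptions: the line formats below are inferred from the log posted above,
and the "random name" heuristic is a rough rule of thumb, not a signature.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
2008-10-27 17:45:35 ----A---- C:\WINDOWS\xowunujahy.com
2008-10-27 17:45:35 ----A---- C:\Program Files\Common Files\gicylotoha.dll
2008-10-26 07:04:34 ----A---- C:\WINDOWS\system32\ybuzewu.vbs
2008-10-26 07:04:34 ----A---- C:\Documents and Settings\All Users\Application Data\iqutes.vbs
2008-10-30 19:13:07 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-01 20:39:39 ----D---- C:\Program Files\Lavasoft
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule id (my own naming)
    item: str   # the value that triggered the rule
    note: str   # why a reviewer should look at it


APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RSIT_FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<attrs>-+[A-Z]*-+) (?P<path>.+)$")

EXEC_EXT = {".com", ".exe", ".bat", ".vbs", ".dll", ".scr"}
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,}$")  # heuristic: lowercase letters only


def looks_random(path: str) -> bool:
    """Executable-type file whose base name is only lowercase letters (assumption)."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return bool(dot) and f".{ext.lower()}" in EXEC_EXT and bool(RANDOM_NAME_RE.match(stem))


def triage(text: str) -> list[Finding]:
    """Walk the log once and return the entries worth a second look."""
    findings: list[Finding] = []
    by_timestamp: dict[str, list[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := APPINIT_RE.match(line):
            findings.append(Finding(
                "appinit_dlls", m["dlls"],
                "AppInit_DLLs is loaded into every process that loads user32.dll; "
                "legitimate software rarely sets it, so identify the listed file"))
            continue
        if m := SERVICE_RE.match(line):
            if line.endswith("(file missing)"):
                findings.append(Finding(
                    "service_file_missing", m["name"],
                    "service still registered but its binary is gone; usually an uninstall "
                    "leftover, but a partly removed infection can look the same"))
            continue
        if m := RSIT_FILE_RE.match(line):
            if "D" in m["attrs"]:   # directories are not interesting for this rule
                continue
            if looks_random(m["path"]):
                findings.append(Finding(
                    "random_name_executable", m["path"],
                    "executable-type file with a random-looking name in a system location"))
                by_timestamp[m["ts"]].append(m["path"])
    # Several flagged files written in the same second usually come from one dropper.
    for ts, paths in sorted(by_timestamp.items()):
        if len(paths) >= 2:
            findings.append(Finding(
                "drop_burst", ts,
                f"{len(paths)} flagged files created in the same second: " + ", ".join(paths)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.item}\n    {f.note}")
```

Lines the rules do not recognise (the O4 Run entries, the Winlogon Notify line) pass through silently, so the output is a starting point for a human review, not a verdict.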

#2 SifuMike
    malware expert
  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 November 2008 - 03:41 PM

Hello idc,

IMPORTANT NOTICE: One or more of the identified infections (TDSSserv.sys) was related to a nasty variant of the TDSSSERV rootkit component.

Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. Credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS.

Please read:
"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?"
"Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

Let me know how you wish to proceed.

If you wish to proceed, then
  • download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 09 November 2008 - 03:50 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 idc
  • Topic Starter
  • Members
  • 42 posts

Posted 10 November 2008 - 06:53 AM

Hello Sifumike,

Thanks for the info on the rootkit. I have already changed all passwords and do not use this computer for online banking, and it is not used to hold my personal information. I understand the concern with the security of the system, but would like to try to go forth with the cleaning. Overall, the system is running fine, but I want to make every attempt to clean the infection. The infections corrupted a lot of my programs, which I had to reinstall. I currently get a Sgtray error "Unable to open Pconfig" when I log in, but otherwise I haven't noticed anything else unusual. Below are the logs requested from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Larry at 2008-11-10 06:40:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 211 GB (89%) free of 238 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:58 AM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Larry.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 7379 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Larry.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll [2008-10-30 340848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL [2008-10-30 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll [2008-10-30 340848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"P17Helper"=Rundll32 P17.dll []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe"="C:\Program Files\Media Center Diagnostic Kit\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
"C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe"="C:\Program Files\Media Center Diagnostic Kit\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Larry\Local Settings\Temp\7zS21C.tmp\SymNRT.exe"="C:\Documents and Settings\Larry\Local Settings\Temp\7zS21C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-10 06:40:47 ----D---- C:\rsit
2008-11-01 20:39:39 ----D---- C:\Program Files\Lavasoft
2008-10-30 19:13:07 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-30 19:13:06 ----D---- C:\Program Files\Symantec
2008-10-30 19:12:33 ----D---- C:\Program Files\Windows Sidebar
2008-10-30 19:12:33 ----D---- C:\Program Files\Norton Internet Security
2008-10-30 19:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-30 19:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-30 19:05:04 ----D---- C:\Program Files\NortonInstaller
2008-10-30 17:51:59 ----D---- C:\Program Files\iPod
2008-10-30 17:51:58 ----D---- C:\Program Files\iTunes
2008-10-30 17:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:51:02 ----D---- C:\Program Files\Bonjour
2008-10-30 17:50:37 ----D---- C:\Program Files\QuickTime
2008-10-30 17:47:09 ----D---- C:\Program Files\Apple Software Update
2008-10-30 17:28:08 ----D---- C:\Program Files\Adobe
2008-10-30 17:25:48 ----D---- C:\Program Files\NOS
2008-10-30 17:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-29 19:17:17 ----D---- C:\Program Files\SpywareBlaster
2008-10-29 16:32:51 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-29 16:32:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 22:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-28 20:16:42 ----D---- C:\Documents and Settings\Larry\Application Data\Mozilla
2008-10-28 20:16:30 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 19:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-28 19:33:54 ----D---- C:\Program Files\Common Files\iS3
2008-10-28 19:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-28 19:06:59 ----D---- C:\Documents and Settings\Larry\Application Data\Malwarebytes
2008-10-28 19:06:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 19:06:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 17:48:11 ----D---- C:\WINDOWS\ERUNT
2008-10-28 17:45:09 ----D---- C:\SDFix
2008-10-27 18:05:11 ----D---- C:\Program Files\Trend Micro
2008-10-27 17:45:35 ----A---- C:\WINDOWS\xowunujahy.com
2008-10-27 17:45:35 ----A---- C:\Program Files\Common Files\gicylotoha.dll
2008-10-26 15:42:09 ----A---- C:\WINDOWS\yqoxequ.com
2008-10-26 15:42:09 ----A---- C:\WINDOWS\catolab.bat
2008-10-26 15:26:42 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-26 07:04:34 ----A---- C:\WINDOWS\system32\ybuzewu.vbs
2008-10-26 07:04:34 ----A---- C:\WINDOWS\system32\afys.dll
2008-10-26 07:04:34 ----A---- C:\Documents and Settings\All Users\Application Data\iqutes.vbs
2008-10-26 07:04:33 ----A---- C:\WINDOWS\zyhaka.bat
2008-10-26 07:04:33 ----A---- C:\WINDOWS\system32\tiguw.com
2008-10-26 07:04:33 ----A---- C:\WINDOWS\oxitywi.vbs
2008-10-26 07:04:33 ----A---- C:\Documents and Settings\Larry\Application Data\qiged.dll
2008-10-26 07:04:33 ----A---- C:\Documents and Settings\All Users\Application Data\ukoxyp.vbs
2008-10-26 07:04:33 ----A---- C:\Documents and Settings\All Users\Application Data\fijyvy.com
2008-10-24 02:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-10 06:40:50 ----D---- C:\WINDOWS\Temp
2008-11-10 06:40:45 ----D---- C:\WINDOWS\Prefetch
2008-11-10 05:33:35 ----D---- C:\WINDOWS
2008-11-07 07:48:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 06:41:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-07 06:00:05 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-07 06:00:03 ----D---- C:\WINDOWS\Registration
2008-11-07 05:59:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-06 22:15:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 05:58:10 ----D---- C:\WINDOWS\system32
2008-11-03 16:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-03 12:31:10 ----HD---- C:\Config.Msi
2008-11-03 12:29:22 ----SHD---- C:\WINDOWS\Installer
2008-11-03 12:29:21 ----RD---- C:\Program Files
2008-11-03 12:29:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 06:09:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 20:39:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-30 19:15:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-30 19:14:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-30 19:13:14 ----SHD---- C:\System Volume Information
2008-10-30 19:13:10 ----HD---- C:\WINDOWS\inf
2008-10-30 19:09:25 ----D---- C:\Documents and Settings\Larry\Application Data\Symantec
2008-10-30 19:08:04 ----SD---- C:\WINDOWS\Tasks
2008-10-30 19:02:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-30 17:52:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-30 17:50:56 ----D---- C:\Program Files\Internet Explorer
2008-10-30 17:50:41 ----D---- C:\Program Files\Common Files\Apple
2008-10-30 17:44:14 ----D---- C:\Program Files\Common Files
2008-10-30 17:43:59 ----D---- C:\Documents and Settings\Larry\Application Data\Adobe
2008-10-30 17:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-30 17:28:21 ----D---- C:\Program Files\Common Files\Adobe
2008-10-30 17:27:58 ----D---- C:\WINDOWS\WinSxS
2008-10-29 22:21:07 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 16:40:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 22:21:47 ----RSD---- C:\WINDOWS\assembly
2008-10-28 20:52:36 ----D---- C:\Program Files\Citrix
2008-10-28 20:52:36 ----D---- C:\Documents and Settings\Larry\Application Data\ICAClient
2008-10-28 20:39:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 20:39:20 ----D---- C:\WINDOWS\system32\en-US
2008-10-28 20:00:19 ----D---- C:\WINDOWS\BDOSCAN8
2008-10-27 18:19:43 ----D---- C:\Documents and Settings
2008-10-26 07:10:17 ----A---- C:\WINDOWS\imsins.BAK
2008-10-26 07:10:05 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-26 07:07:47 ----D---- C:\Program Files\Windows NT
2008-10-26 07:07:47 ----D---- C:\Program Files\Windows Media Player
2008-10-26 07:07:41 ----D---- C:\Program Files\Outlook Express
2008-10-26 07:07:36 ----D---- C:\Program Files\NetMeeting
2008-10-26 07:07:31 ----D---- C:\Program Files\Movie Maker
2008-10-26 07:07:25 ----D---- C:\Program Files\Common Files\System
2008-10-26 07:07:14 ----D---- C:\Program Files\Media Center Diagnostic Kit
2008-10-26 07:07:10 ----D---- C:\Program Files\HP
2008-10-26 07:07:09 ----D---- C:\Program Files\CyberLink
2008-10-26 07:07:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 07:07:02 ----D---- C:\Program Files\a-squared Free
2008-10-24 02:00:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081108.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081109.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081109.021\NAVEX15.SYS []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-30 35888]
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 OMCI;OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS []
S3 0aa48;0aa48; \??\C:\WINDOWS\system32\0aa48.sys []
S3 12740;12740; \??\C:\WINDOWS\system32\12740.sys []
S3 26b45;26b45; \??\C:\WINDOWS\system32\26b45.sys []
S3 44843;44843; \??\C:\WINDOWS\system32\44843.sys []
S3 4eb47;4eb47; \??\C:\WINDOWS\system32\4eb47.sys []
S3 8014E;8014E; \??\C:\WINDOWS\system32\8014E.sys []
S3 85c41;85c41; \??\C:\WINDOWS\system32\85c41.sys []
S3 91444;91444; \??\C:\WINDOWS\system32\91444.sys []
S3 a694D;a694D; \??\C:\WINDOWS\system32\a694D.sys []
S3 cd14C;cd14C; \??\C:\WINDOWS\system32\cd14C.sys []
S3 e4249;e4249; \??\C:\WINDOWS\system32\e4249.sys []
S3 efc3F;efc3F; \??\C:\WINDOWS\system32\efc3F.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-30 35888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-20 380528]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-01 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ehMonitor;Media Center Monitor Service; C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2008-10-30 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-10 06:41:02

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GoToMeeting / GoToWebinar CPS Install Manager-->MsiExec.exe /I{6A718280-7BB4-4399-ACBB-2F3FAC06D77D}
GoToMeeting/GoToWebinar 3.0.0.190-->C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Diagnostic Kit-->MsiExec.exe /I{63DC3499-A635-43c3-826C-E41851A6DDB0}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.0.0.125\InstStub.exe /X
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\SETUP.EXE" -l0x9
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
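The RSIT driver list above follows a fixed line layout (`<R|S><start type> <service name>;<description>; <path> [<date> <size>]`, with an empty bracket pair when RSIT could not stat the file). A small parser that reads those lines and flags entries worth a closer look during triage is added here as an illustration; it is not part of the original thread and not an RSIT or BleepingComputer tool. The two heuristics it applies (a five-character hexadecimal service name, and a driver file sitting directly under `system32` rather than `system32\drivers`) are assumptions chosen to match the stopped `S3` entries in the log, and the sample lines are constructed copies of four lines from that log. Flagged entries are candidates for review, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the RSIT "List of drivers" layout (copied from the
# log format above: one legitimate HID driver, one Symantec driver that RSIT
# could not stat, one stopped driver with a hex name, one USB driver).
SAMPLE = r"""
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 0aa48;0aa48; \??\C:\WINDOWS\system32\0aa48.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
"""

# One RSIT driver line: state, start type, name;description; path [meta]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Assumed heuristics (not RSIT's own): a 5-hex-char service name, and a
# .sys file placed directly in system32 instead of system32\drivers.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{5}$", re.IGNORECASE)
SYS32_ROOT_RE = re.compile(r"\\system32\\[^\\]+\.sys$", re.IGNORECASE)


@dataclass
class DriverEntry:
    state: str            # "R" running or "S" stopped
    start: str            # "0" boot .. "4" disabled (see the RSIT header)
    name: str
    desc: str
    path: str             # NT "\??\" prefix removed
    meta: str             # "YYYY-MM-DD size", or "" when RSIT could not stat it
    reasons: List[str] = field(default_factory=list)


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one RSIT driver line; return None for blank or non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    return DriverEntry(m.group("state"), m.group("start"), m.group("name"),
                       m.group("desc"), path, m.group("meta"))


def assess(entry: DriverEntry) -> DriverEntry:
    """Attach review reasons to an entry; an empty list means nothing was flagged."""
    if HEX_NAME_RE.match(entry.name):
        entry.reasons.append("5-hex-character service name")
    if SYS32_ROOT_RE.search(entry.path):
        entry.reasons.append("driver file directly under system32, not system32\\drivers")
    return entry


def find_suspicious(text: str) -> List[DriverEntry]:
    """Parse a whole driver-list section and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_driver_line(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in find_suspicious(SAMPLE):
        print(f"{e.state}{e.start} {e.name} -> {e.path}: {'; '.join(e.reasons)}")
```

Run it against a saved `log.txt` by passing the file contents to `find_suspicious`; entries with an empty `meta` field are not flagged on their own, because RSIT also leaves it empty for legitimate drivers registered with a `\??\` path (the Symantec entries above show this), so absence of a size or date is not a useful signal by itself.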

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 November 2008 - 12:49 PM

Hi idc,


Since you have many malware files left, we will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Norton Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Norton Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Posted Image
You successfully disabled the Norton Antivirus Guard

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 10 November 2008 - 12:49 PM.


#5 idc

idc
  • Topic Starter

  • Members
  • 42 posts

Posted 10 November 2008 - 08:22 PM

Performed as instructed, log posted below. Thanks

ComboFix 08-11-09.04 - Larry 2008-11-10 20:02:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.575 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSmtpe.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-10 06:40 . 2008-11-10 06:41 <DIR> d-------- C:\rsit
2008-11-01 20:39 . 2008-11-01 20:39 <DIR> d-------- c:\program files\Lavasoft
2008-10-30 19:13 . 2008-10-30 19:13 <DIR> d-------- c:\program files\Symantec
2008-10-30 19:13 . 2008-10-30 19:13 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-30 19:13 . 2008-10-30 19:13 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-10-30 19:13 . 2008-10-30 19:13 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-10-30 19:12 . 2008-11-10 16:50 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-10-30 19:12 . 2008-10-30 19:12 <DIR> d-------- c:\program files\Windows Sidebar
2008-10-30 19:12 . 2008-10-30 19:12 <DIR> d-------- c:\program files\Norton Internet Security
2008-10-30 19:12 . 2008-10-30 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-10-30 19:05 . 2008-10-30 19:05 <DIR> d-------- c:\program files\NortonInstaller
2008-10-30 19:05 . 2008-10-30 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-10-30 17:51 . 2008-10-30 17:52 <DIR> d-------- c:\program files\iTunes
2008-10-30 17:51 . 2008-10-30 17:51 <DIR> d-------- c:\program files\iPod
2008-10-30 17:51 . 2008-10-30 17:51 <DIR> d-------- c:\program files\Bonjour
2008-10-30 17:51 . 2008-10-30 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 17:50 . 2008-10-30 17:50 <DIR> d-------- c:\program files\QuickTime
2008-10-30 17:47 . 2008-10-30 17:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-30 17:25 . 2008-10-30 17:45 <DIR> d-------- c:\program files\NOS
2008-10-30 17:25 . 2008-10-30 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-10-29 19:17 . 2008-11-07 06:41 <DIR> d-------- c:\program files\SpywareBlaster
2008-10-29 16:32 . 2008-10-29 16:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-10-29 16:32 . 2008-11-01 20:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-28 22:15 . 2008-10-28 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-28 20:16 . 2008-10-28 20:16 0 --a------ c:\windows\nsreg.dat
2008-10-28 19:34 . 2008-11-03 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-10-28 19:33 . 2008-10-28 19:33 <DIR> d-------- c:\program files\Common Files\iS3
2008-10-28 19:33 . 2008-11-03 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-28 19:06 . 2008-10-28 19:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-28 19:06 . 2008-10-28 19:06 <DIR> d-------- c:\documents and settings\Larry\Application Data\Malwarebytes
2008-10-28 19:06 . 2008-10-28 19:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-28 19:06 . 2008-10-22 15:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-28 19:06 . 2008-10-22 15:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-28 17:53 . 2008-10-28 17:53 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-10-28 17:48 . 2008-10-28 17:48 <DIR> d-------- c:\windows\ERUNT
2008-10-28 17:45 . 2008-10-28 20:00 <DIR> d-------- C:\SDFix
2008-10-28 04:49 . 2008-10-28 04:49 <DIR> d-------- c:\documents and settings\Larry\DoctorWeb
2008-10-27 18:19 . 2008-03-13 20:26 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-10-27 18:19 . 2008-10-27 18:19 <DIR> d-------- c:\documents and settings\Administrator
2008-10-27 18:05 . 2008-10-27 18:05 <DIR> d-------- c:\program files\Trend Micro
2008-10-27 17:45 . 2008-10-27 17:45 19,219 --a------ c:\windows\oxybuxe.reg
2008-10-27 17:45 . 2008-10-27 17:45 18,936 --a------ c:\windows\nawy.scr
2008-10-27 17:45 . 2008-10-27 17:45 18,391 --a------ c:\windows\tylefazo.db
2008-10-27 17:45 . 2008-10-27 17:45 18,206 --a------ c:\windows\xowunujahy.com
2008-10-27 17:45 . 2008-10-27 17:45 17,952 --a------ c:\program files\Common Files\gicylotoha.dll
2008-10-27 17:45 . 2008-10-27 17:45 17,505 --a------ c:\documents and settings\All Users\Application Data\feruqywy.scr
2008-10-27 17:45 . 2008-10-27 17:45 15,558 --a------ c:\windows\nuzod.lib
2008-10-27 17:45 . 2008-10-27 17:45 12,922 --a------ c:\windows\ekylyjugik.reg
2008-10-27 17:45 . 2008-10-27 17:45 11,731 --a------ c:\windows\system32\kiku.dat
2008-10-27 17:45 . 2008-10-27 17:45 10,107 --a------ c:\windows\dykuf.db
2008-10-26 15:42 . 2008-10-26 15:42 19,482 --a------ c:\windows\gypocymoce.dat
2008-10-26 15:42 . 2008-10-26 15:42 17,091 --a------ c:\documents and settings\Laura\Application Data\uvuwyxur.scr
2008-10-26 15:42 . 2008-10-26 15:42 16,471 --a------ c:\windows\catolab.bat
2008-10-26 15:42 . 2008-10-26 15:42 15,345 --a------ c:\windows\yqoxequ.com
2008-10-26 15:42 . 2008-10-26 15:42 14,271 --a------ c:\documents and settings\Laura\Application Data\ledikax.exe
2008-10-26 15:42 . 2008-10-26 15:42 13,879 --a------ c:\documents and settings\Laura\Application Data\lexywexuf.pif
2008-10-26 15:42 . 2008-10-26 15:42 13,523 --a------ c:\documents and settings\Laura\Application Data\xanonolo.bat
2008-10-26 15:42 . 2008-10-26 15:42 13,022 --a------ c:\windows\mapasuse.reg
2008-10-26 15:42 . 2008-10-26 15:42 12,851 --a------ c:\windows\system32\kisyrixozi.lib
2008-10-26 15:42 . 2008-10-26 15:42 11,767 --a------ c:\documents and settings\Laura\Application Data\uxylaporor.pif
2008-10-26 07:04 . 2008-10-26 07:04 19,952 --a------ c:\documents and settings\All Users\Application Data\oduxakery.sys
2008-10-26 07:04 . 2008-10-26 07:04 19,784 --a------ c:\windows\oxitywi.vbs
2008-10-26 07:04 . 2008-10-26 07:04 19,031 --a------ c:\windows\ekexiz._sy
2008-10-26 07:04 . 2008-10-26 07:04 19,013 --a------ c:\windows\adyvemaluv._dl
2008-10-26 07:04 . 2008-10-26 07:04 17,610 --a------ c:\windows\system32\ybuzewu.vbs
2008-10-26 07:04 . 2008-10-26 07:04 16,671 --a------ c:\windows\zyhaka.bat
2008-10-26 07:04 . 2008-10-26 07:04 16,416 --a------ c:\documents and settings\All Users\Application Data\donanyt.scr
2008-10-26 07:04 . 2008-10-26 07:04 15,039 --a------ c:\documents and settings\Larry\Application Data\qiged.dll
2008-10-26 07:04 . 2008-10-26 07:04 14,729 --a------ c:\documents and settings\All Users\Application Data\oxofyhu.pif
2008-10-26 07:04 . 2008-10-26 07:04 14,709 --a------ c:\windows\osiw.reg
2008-10-26 07:04 . 2008-10-26 07:04 13,570 --a------ c:\documents and settings\All Users\Application Data\ukoxyp.vbs
2008-10-26 07:04 . 2008-10-26 07:04 12,950 --a------ c:\documents and settings\All Users\Application Data\iqutes.vbs
2008-10-26 07:04 . 2008-10-26 07:04 11,125 --a------ c:\windows\system32\afys.dll
2008-10-26 07:04 . 2008-10-26 07:04 10,912 --a------ c:\documents and settings\All Users\Application Data\fijyvy.com
2008-10-26 07:04 . 2008-10-26 07:04 10,753 --a------ c:\windows\system32\tiguw.com
2008-10-23 19:07 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 00:53 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 00:53 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 00:53 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 00:53 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 00:53 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 00:53 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 11:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 10:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-03 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-31 00:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 00:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-31 00:13 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-31 00:13 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-31 00:09 --------- d-----w c:\documents and settings\Larry\Application Data\Symantec
2008-10-30 22:50 --------- d-----w c:\program files\Common Files\Apple
2008-10-30 22:28 --------- d-----w c:\program files\Common Files\Adobe
2008-10-29 03:21 10,344 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2008-10-29 01:52 --------- d-----w c:\program files\Citrix
2008-10-29 01:52 --------- d-----w c:\documents and settings\Larry\Application Data\ICAClient
2008-10-26 20:42 12,440 ----a-w c:\program files\Common Files\ykolo.inf
2008-10-26 12:07 --------- d-----w c:\program files\Media Center Diagnostic Kit
2008-10-26 12:07 --------- d-----w c:\program files\HP
2008-10-26 12:07 --------- d-----w c:\program files\CyberLink
2008-10-26 12:07 --------- d-----w c:\program files\a-squared Free
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-04 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-10-30 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081108.003\IDSxpx86.sys [2008-10-30 274808]
R2 ehMonitor;Media Center Monitor Service;c:\program files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe /s Norton Internet Security /m c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\diMaster.dll [ ]
S3 0aa48;0aa48;c:\windows\system32\0aa48.sys [ ]
S3 12740;12740;c:\windows\system32\12740.sys [ ]
S3 26b45;26b45;c:\windows\system32\26b45.sys [ ]
S3 44843;44843;c:\windows\system32\44843.sys [ ]
S3 4eb47;4eb47;c:\windows\system32\4eb47.sys [ ]
S3 8014E;8014E;c:\windows\system32\8014E.sys [ ]
S3 85c41;85c41;c:\windows\system32\85c41.sys [ ]
S3 91444;91444;c:\windows\system32\91444.sys [ ]
S3 a694D;a694D;c:\windows\system32\a694D.sys [ ]
S3 cd14C;cd14C;c:\windows\system32\cd14C.sys [ ]
S3 e4249;e4249;c:\windows\system32\e4249.sys [ ]
S3 efc3F;efc3F;c:\windows\system32\efc3F.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Larry.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\q821glc2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:04:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2008-11-10 20:10:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 01:10:24

Pre-Run: 221,441,896,448 bytes free
Post-Run: 221,858,541,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

231 --- E O F --- 2008-10-29 01:45:02

Edited by idc, 10 November 2008 - 08:32 PM.


#6 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 10 November 2008 - 11:47 PM

Hello idc,

You have some suspicious files we need to check.

You will need to see hidden files, so follow these directions:
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'Show hidden files and folders',
deselect (uncheck) 'Hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.


Go to the following site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'.
Click the browse button and browse to the following file:
c:\documents and settings\All Users\Application Data\donanyt.scr


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Perform the same for the following files:
c:\windows\oxybuxe.reg
c:\windows\nawy.scr
c:\windows\tylefazo.db
c:\windows\xowunujahy.com
c:\program files\Common Files\gicylotoha.dll
c:\documents and settings\All Users\Application Data\feruqywy.scr
c:\windows\nuzod.lib
c:\windows\ekylyjugik.reg
c:\windows\system32\kiku.dat
c:\windows\dykuf.db
c:\windows\gypocymoce.dat
c:\documents and settings\Laura\Application Data\uvuwyxur.scr
c:\windows\catolab.bat
c:\windows\yqoxequ.com
c:\documents and settings\Laura\Application Data\ledikax.exe



Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at VirusTotal so they can send me the scan results. They usually only take a couple of minutes to reply.
You can copy/paste the scan results here.

#7 idc

  • Topic Starter
  • Members
  • 42 posts

Posted 12 November 2008 - 06:44 AM

Great website. I scanned all entries and all showed 0/36 for results. I copied the info in a log below. Thanks for your continued help. :thumbsup:

AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 19482 bytes
MD5...: d49272971d0d14cf795b9c60ecdef891
SHA1..: 79a5a69aa6276b6b391fe6f8e81778dddb0b80f2
SHA256: 7030ee82d07e471faa9c5f425c38dc656f767ddc1028b5eb0a8f972225548ced
SHA512: 9ee31d6790069faf51534be7426bc388aa7f23c7e34e2d0e6358d0e7f39e178e
ae7a813c6bfeb0ea17569b084b44139a740b2ac649f660063845255c4a7732d1
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

c:\documents and settings\Laura\Application Data\uvuwyxur.scr
Antivirus Version Last Update Result
AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 17091 bytes
MD5...: 3369ba7da4b432ca3c393d3f63780d84
SHA1..: 26a59e6113d2ef089b5a5eac7d33fc8a0227ff75
SHA256: aea3f7b81856cc99fe9b9f7f2e70e278e1634fd6becaa2618e230d9b1464ba28
SHA512: 4a950c5af0dac52aa126712ffd049fa2d099e3a8b5482a3e486d7b38a3dfbf76
0b609bc2fdcabe7de88a62ecc66ef70e86735ead560daa36a49a368f4e07797a
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

c:\windows\catolab.bat
Antivirus Version Last Update Result
AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 16471 bytes
MD5...: f131c934ef5f82d1ed686af3a9896753
SHA1..: a593a5849f6c3ffd6834683fcf8cfeb67b1102e1
SHA256: 6ea5ebd447cf59e8003c3d3c7fdee589eb9aa84529e7516b6d530d6d39a8fa3c
SHA512: 9e482eeaac50653118c1de4879551e6f04813a6d2a9c5cd3db8d3a91000960a8
4a9eafa26e6ec11984b150e1b816ab2b668000f9206d3127b0537612948497e8
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

c:\windows\yqoxequ.com
Antivirus Version Last Update Result
AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 15345 bytes
MD5...: a74e68cfb7d05ad549c8f056efcd5b81
SHA1..: 14f044f1f306ff16cc889a72998090fbb9a4982e
SHA256: 5c9b565b630ea1ecc67c59e687830197f125ef8badf7e89f9574325532c51168
SHA512: 4ce537cce38571e93574ee73f00b94a82b5eb77e75d914f11997be7b6cd46b90
5af6fbeb2981cd9a2094484d877c61cbcfbf303ada5d11d94a29d7d3dc07cdab
PEiD..: -
TrID..: File type identification
MPEG Video (100.0%)
PEInfo: -

c:\documents and settings\Laura\Application Data\ledikax.exe
Antivirus Version Last Update Result
AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 14271 bytes
MD5...: f47e8882dc49ebc6b1bf003eb446c07f
SHA1..: a9065f668fb69ce9350a299071e3af8e61520fe5
SHA256: f70108dd76befdd2abfb8a5c4e9c3a1d709c4c437fa86337176947a67e2f4e96
SHA512: 7be0c29033bea8e66a838c9b05e6a94240d5270f72085f44b3d528341d6b5b52
c1e13b741b0e32888e42e4e2919f1ca3ece36ae9fe882a670b003943ef8ff8b2
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:03 PM

Posted 12 November 2008 - 11:30 PM

Hi,

Please double-click on My Computer and locate the file "c:\documents and settings\Laura\Application Data\ledikax.exe".
Right-click on it and choose "Properties", then click on the "Version" tab at the top.
Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever text is in the box immediately to the right.

Do the same with these files:
c:\windows\oxybuxe.reg
c:\windows\xowunujahy.com
c:\program files\Common Files\gicylotoha.dll
c:\windows\ekylyjugik.reg
c:\documents and settings\Laura\Application Data\uvuwyxur.scr
c:\windows\catolab.bat
c:\windows\yqoxequ.com

Let's make sure you have no malware stragglers.

Please disable your Norton Antivirus before running Kaspersky Online Scanner.

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

Edited by SifuMike, 12 November 2008 - 11:37 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
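Editor's added example (not code from SifuMike or from the thread): the Version-tab check above can be done for the whole list of files at once, and the script also records why Explorer might show no "Version" tab at all. Windows only offers that tab for a real PE image (a file that starts with the "MZ" header and carries a VERSIONINFO resource); a .exe, .scr, .com or .dll that lacks the header has nothing to display. The function name Get-SuspectFileInfo is chosen here, the paths are the ones listed in the post, and the code is written for Windows PowerShell 2.0 or later, the newest version the XP SP3 machine in this thread can run.

```powershell
# Added example, not part of the original thread.
# Collects the properties SifuMike asks for (Comments, Company, File Version,
# Internal Name), checks for the "MZ" executable header, and computes SHA256 so
# the result can be compared with the VirusTotal reports posted earlier.
# Get-SuspectFileInfo is a name chosen for this example.
function Get-SuspectFileInfo {
    param([string[]]$Path)

    $sha256 = [System.Security.Cryptography.SHA256]::Create()

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Exists = $false }
            continue
        }
        # -Force so hidden/system-attributed files are still returned.
        $item = Get-Item -LiteralPath $p -Force

        # Read the file once: two bytes for the MZ check, all of it for the hash.
        $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
        $hasMZ = ($bytes.Length -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)
        $hash  = [System.BitConverter]::ToString($sha256.ComputeHash($bytes)).Replace('-', '').ToLower()

        # VersionInfo is the same data Explorer's "Version" tab reads; the fields
        # are empty when the file carries no VERSIONINFO resource.
        $vi = $item.VersionInfo
        New-Object PSObject -Property @{
            Path         = $item.FullName
            Exists       = $true
            SizeBytes    = $item.Length
            MZHeader     = $hasMZ
            Comments     = $vi.Comments
            Company      = $vi.CompanyName
            FileVersion  = $vi.FileVersion
            InternalName = $vi.InternalName
            SHA256       = $hash
        }
    }
}

# The files SifuMike listed in post #8.
$paths = @(
    'c:\documents and settings\Laura\Application Data\ledikax.exe',
    'c:\windows\oxybuxe.reg',
    'c:\windows\xowunujahy.com',
    'c:\program files\Common Files\gicylotoha.dll',
    'c:\windows\ekylyjugik.reg',
    'c:\documents and settings\Laura\Application Data\uvuwyxur.scr',
    'c:\windows\catolab.bat',
    'c:\windows\yqoxequ.com'
)

Get-SuspectFileInfo -Path $paths |
    Format-List Path, Exists, SizeBytes, MZHeader, Comments, Company, FileVersion, InternalName, SHA256
```

Compare the SHA256 column with the SHA256 lines in the VirusTotal reports above to confirm the files on disk are the ones that were scanned. A file with MZHeader set to False is consistent with the "no Version tab" result idc reports in the next post and with TrID labelling the same files "Unknown!" or "MPEG Video": whatever the extension says, those files are not Windows executables, so the version fields will be empty.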

#9 idc

idc
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 13 November 2008 - 06:51 AM

I checked each file as instructed and went to Properties; however, none of those files had a Version tab. I checked all the tabs present for Comments, Company, File Version, and Internal Name, but did not find anything. I disabled Norton and attempted to download Kaspersky; however, my Internet Explorer would not allow the download of the ActiveX control because it could not verify the publisher. I'm not sure how to adjust the IE security settings to allow this. Can you advise or recommend another scanner? Thanks

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:03 PM

Posted 13 November 2008 - 12:45 PM

attempted to download Kaspersky, however my Internet Explorer would not allow the download of the ActiveX control because it could not verify the publisher. I'm not sure how to adjust the IE security settings to allow this.


You have your IE set up incorrectly.
Read and follow this:
http://www.windowsreference.com/security/w...-the-publisher/

Then run Kaspersky Online Scanner and post the log it produces.

Edited by SifuMike, 13 November 2008 - 12:52 PM.


#11 idc

idc
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 13 November 2008 - 09:22 PM

Thanks for the tip with IE. Ran Kaspersky and the scan came up clean, no log to post.

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:03 PM

Posted 13 November 2008 - 10:23 PM

Hi idc,

Let's run another scanner to make sure.

Disable your Norton Antivirus program and Spybot TeaTimer while running this scan.

Go here to run the ESET online scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Check the next options: Remove found threats and Scan unwanted applications.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a description of any remaining problems.

Edited by SifuMike, 13 November 2008 - 10:26 PM.


#13 idc

idc
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 14 November 2008 - 03:31 PM

Ran ESET; it came up clean, log posted below. The system appears to be running fine. The only remaining problem that I can see is that when I log on to my user name I get an Sgtray error message that says "an error occurred while trying to open pconfig". Any thoughts?

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3614 (20081114)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=4ed0acde32690d4596d63afd3d3a4bcd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-14 08:19:51
# local_time=2008-11-14 03:19:51 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=120113
# found=0
# scan_time=1210

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:03 PM

Posted 14 November 2008 - 04:47 PM

Hi,

Sgtray is related to Veritas software. Do you have Veritas software? If so, try reinstalling it.

My expertise is malware removal, and that sounds like a Windows problem.
If reinstalling the Veritas software does not solve it, then go to our Windows forum, where our experts
will help you.

Your log looks clean. :thumbsup:

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete any of its related folders and files (Qoobox,
VundoFix Backups, Avenger, _OTMoveIt3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Please read and follow "How did I get infected?, With steps so it does not happen again!"
as well as
"How to prevent Malware" by miekiemoes


If you want to improve speed/system performance after malware removal, take a look here.

Edited by SifuMike, 14 November 2008 - 04:53 PM.
typo


#15 idc

idc
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:03 PM

Posted 14 November 2008 - 06:58 PM

Fantastic, thanks again for all your help.



