Weekend of clean-up, am I clean?


  • This topic is locked
18 replies to this topic

#1 rextrout


  • Members
  • 13 posts

Posted 25 November 2008 - 08:03 AM

Hello,

After a weekend with Trend PC-cillin and Ad-Aware, I thought I had cleaned my PC of all of its problems. However, after another scan last night (which was clean), I want to make sure I really got everything. Internet access this morning was balky, but then came back before I changed anything, and the computer still seems slow. FWIW, I am using a hardware-based firewall/router. Software firewalls are turned off.

Thank you for your help.



Here is the RSIT log:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-11-25 07:27:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:52 AM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\Mike\Application Data\gadcom\gadcom.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mike\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {143F001A-7B7A-4717-9C1C-17956A886254} - C:\WINDOWS\system32\nnnmmmLE.dll
O2 - BHO: {04b98b5d-3b44-9d49-ac64-36798a740726} - {627047a8-9763-46ca-94d9-44b3d5b89b40} - C:\WINDOWS\system32\ycyytw.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\vtUnlJaY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [{10-0F-F7-78-DW}] c:\windows\system32\rswnw64q.exe DWmmm01FF
O4 - HKLM\..\Run: [NI.GSCNS] "C:\DOCUME~1\Hollis\LOCALS~1\Temp\winvsnet.tmp"
O4 - HKLM\..\Run: [4ca10fd7] rundll32.exe "C:\WINDOWS\system32\ipivwqqv.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /A "C:\WINDOWS\system32\E_S716.tmp"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Mike\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: www.e-rewards.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6A188E-3139-4631-9A50-87AA0FEE71F6}: NameServer = 68.94.156.1,68.94.157.1
O20 - AppInit_DLLs: ycyytw.dll
O20 - Winlogon Notify: vtUnlJaY - vtUnlJaY.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SqueezeCenter (squeezesvc) - Unknown owner - C:\Program Files\SqueezeCenter\server\squeezecenter.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10673 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{143F001A-7B7A-4717-9C1C-17956A886254}]
C:\WINDOWS\system32\nnnmmmLE.dll [2008-11-23 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{627047a8-9763-46ca-94d9-44b3d5b89b40}]
C:\WINDOWS\system32\ycyytw.dll [2008-11-24 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ED8-A40F-7F65AFC28634}]
C:\WINDOWS\system32\vtUnlJaY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
""= []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"{10-0F-F7-78-DW}"=c:\windows\system32\rswnw64q.exe DWmmm01FF []
"NI.GSCNS"=C:\DOCUME~1\Hollis\LOCALS~1\Temp\winvsnet.tmp [2008-11-23 54784]
"4ca10fd7"=C:\WINDOWS\system32\ipivwqqv.dll [2008-11-24 72704]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"OfotoNow USB Detection"=C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL [2002-11-05 77824]
"Aim6"= []
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"gadcom"=C:\Documents and Settings\Mike\Application Data\gadcom\gadcom.exe [2008-11-23 56320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ycyytw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnlJaY]
vtUnlJaY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{73259091-9574-4ED8-A40F-7F65AFC28634}"=C:\WINDOWS\system32\vtUnlJaY.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmmmLE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Setup.exe"="E:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2008-11-25 06:39:24 ----D---- C:\rsit
2008-11-24 11:01:37 ----D---- C:\Program Files\InetGet2
2008-11-24 10:50:36 ----A---- C:\WINDOWS\system32\ycyytw.dll
2008-11-24 10:50:35 ----A---- C:\WINDOWS\system32\jtyugmav.dll
2008-11-24 10:44:36 ----SH---- C:\WINDOWS\system32\vqqwvipi.ini
2008-11-24 10:44:35 ----A---- C:\WINDOWS\system32\ipivwqqv.dll
2008-11-24 10:41:41 ----D---- C:\Program Files\Mjcore
2008-11-24 08:39:13 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-23 15:23:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 15:20:59 ----D---- C:\Program Files\CCleaner
2008-11-23 14:34:48 ----D---- C:\WINDOWS\pss
2008-11-23 13:59:46 ----D---- C:\Program Files\Lavasoft
2008-11-23 13:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-23 11:06:55 ----D---- C:\Documents and Settings\Mike\Application Data\gadcom
2008-11-23 10:43:13 ----SH---- C:\WINDOWS\system32\lskpxdcs.ini
2008-11-23 10:42:02 ----A---- C:\WINDOWS\system32\mdpbol.dll
2008-11-23 10:42:01 ----A---- C:\WINDOWS\system32\maacjgkg.dll
2008-11-23 10:41:08 ----A---- C:\WINDOWS\system32\4782cba9-.txt
2008-11-23 10:39:55 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini2
2008-11-23 10:39:55 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini
2008-11-23 10:39:49 ----A---- C:\WINDOWS\system32\nnnmmmLE.dll
2008-11-23 10:36:03 ----A---- C:\WINDOWS\system32\vkdlxdlfizshqra.exe
2008-11-23 10:35:09 ----D---- C:\WINDOWS\system32\gp2
2008-11-23 10:35:08 ----D---- C:\WINDOWS\system32\x4
2008-11-23 10:35:08 ----D---- C:\WINDOWS\system32\mp
2008-11-23 10:35:08 ----D---- C:\WINDOWS\system32\dim
2008-11-23 10:35:00 ----D---- C:\Temp
2008-11-08 15:57:00 ----D---- C:\Program Files\Garmin GPS Plugin
2008-11-08 15:41:49 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-11-08 15:41:47 ----D---- C:\Documents and Settings\Mike\Application Data\GARMIN
2008-11-07 18:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 18:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-07 18:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 18:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 18:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 18:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 18:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 1 months======

2008-11-25 07:24:19 ----SHD---- C:\System Volume Information
2008-11-25 07:23:14 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 06:41:43 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 06:39:26 ----D---- C:\WINDOWS\Prefetch
2008-11-25 06:30:19 ----D---- C:\WINDOWS
2008-11-25 06:29:23 ----D---- C:\WINDOWS\Temp
2008-11-25 06:27:26 ----D---- C:\WINDOWS\Registration
2008-11-25 06:27:21 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-24 22:49:38 ----RASH---- C:\boot.ini
2008-11-24 22:49:38 ----N---- C:\WINDOWS\system.ini
2008-11-24 22:49:38 ----A---- C:\WINDOWS\win.ini
2008-11-24 22:02:31 ----D---- C:\WINDOWS\system32
2008-11-24 20:14:03 ----D---- C:\Program Files\Quicken
2008-11-24 11:01:37 ----D---- C:\Program Files
2008-11-23 20:06:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 15:41:17 ----D---- C:\Program Files\Trend Micro
2008-11-23 15:21:46 ----D---- C:\WINDOWS\Debug
2008-11-23 14:01:55 ----SHD---- C:\WINDOWS\Installer
2008-11-23 14:01:48 ----SHD---- C:\Config.Msi
2008-11-23 13:59:46 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files
2008-11-19 06:37:57 ----HD---- C:\WINDOWS\inf
2008-11-08 15:41:32 ----D---- C:\Garmin
2008-11-07 19:42:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 18:50:22 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-07 18:50:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 15:34:23 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2004-07-20 16512]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-29 3712]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-08-16 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-08-16 1195448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2006-05-10 14976]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2008-03-03 4149248]
R2 squeezesvc;SqueezeCenter; C:\Program Files\SqueezeCenter\server\squeezecenter.exe [2008-03-03 8212565]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Edited by rextrout, 25 November 2008 - 08:29 AM.



#2 rextrout

  • Topic Starter

Posted 25 November 2008 - 08:26 AM

I take that back; I am not all clean. Realtime TrendMicro alert for webhancer, and Firefox launched to a "virus software" site. Let me know what steps I should take next.

Edited by rextrout, 25 November 2008 - 08:29 AM.


#3 Buckeye_Sam

    Malware Expert

Posted 29 November 2008 - 07:54 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Before I saw your second post here, I was about to ask you what protection programs you are using that show up clean. You are badly infected.


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\ycyytw.dll
    C:\WINDOWS\system32\jtyugmav.dll
    C:\WINDOWS\system32\vqqwvipi.ini
    C:\WINDOWS\system32\ipivwqqv.dll
    C:\WINDOWS\system32\lskpxdcs.ini
    C:\WINDOWS\system32\mdpbol.dll
    C:\WINDOWS\system32\maacjgkg.dll
    C:\WINDOWS\system32\4782cba9-.txt
    C:\WINDOWS\system32\ELmmmnnn.ini2
    C:\WINDOWS\system32\ELmmmnnn.ini
    C:\WINDOWS\system32\nnnmmmLE.dll
    C:\WINDOWS\system32\vkdlxdlfizshqra.exe
    C:\WINDOWS\system32\gp2
    C:\WINDOWS\system32\x4
    C:\WINDOWS\system32\mp
    C:\WINDOWS\system32\dim
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also post a new log from RSIT.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
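The OTMoveIt3 step above only proves its worth once the results log (first pass plus the reboot pass) is read back against the :files list, item by item. As an added example that is not OTMoveIt3 code and not from either poster, here is a small reconciler for the result-line shapes that appear in this thread's log; the sample script and log it runs on are constructed in the same shape:

```python
# Added example for this thread (not OTMoveIt3 code, not from either poster): the
# line shapes follow the log pasted in post #4; the sample inputs are constructed.
import re
from collections import defaultdict

# Result-line shapes seen in the thread's OTMoveIt3 output.
_LINE_FORMS = [
    ("moved", re.compile(r"^(?P<path>.+?) moved successfully\.$")),
    ("scheduled", re.compile(
        r"^File (?:move|delete) failed\. (?P<path>.+?) scheduled to be "
        r"(?:moved|deleted) on reboot\.$")),
    ("not_found", re.compile(r"^File(?:/Folder)? (?P<path>.+?) not found[.!]$")),
    # Informational only: load/unregister failed, but the move is reported separately.
    ("unreg_failed", re.compile(r"^(?P<path>.+?) NOT unregistered\.$")),
    ("loadlib_failed", re.compile(r"^LoadLibrary failed for (?P<path>.+)$")),
    ("no_unreg_export", re.compile(
        r"^DllUnregisterServer procedure not found in (?P<path>.+)$")),
]
_INFO_ONLY = {"unreg_failed", "loadlib_failed", "no_unreg_export"}


def parse_files_block(script):
    """Return the paths listed under ':files' in an OTMoveIt3 script."""
    paths, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.lower() == ":files":
            in_files = True
        elif line.startswith(":"):  # any other directive ends the block
            in_files = False
        elif in_files and line:
            paths.append(line)
    return paths


def parse_results(log):
    """Map each path (case-folded) to the ordered outcomes logged for it."""
    # First pass and 'Files moved on Reboot...' pass are read as one stream.
    outcomes = defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        for kind, pattern in _LINE_FORMS:
            match = pattern.match(line)
            if match:
                outcomes[match.group("path").lower()].append(kind)
                break
    return outcomes


def final_status(kinds):
    """Collapse the ordered outcomes for one path into a single verdict."""
    if "moved" in kinds:
        return "removed"
    if "scheduled" in kinds:
        after_schedule = kinds[kinds.index("scheduled") + 1:]
        # Queued, then 'not found' on reboot: confirm by hand that it is gone.
        return "verify" if "not_found" in after_schedule else "pending_reboot"
    if "not_found" in kinds:
        return "absent"  # nothing at the listed path when the script ran
    return "no_result"  # listed, but the log never mentions it


def reconcile(script, log):
    """Verdict and informational flags for every path the script listed."""
    outcomes = parse_results(log)
    report = {}
    for path in parse_files_block(script):
        kinds = outcomes.get(path.lower(), [])
        flags = sorted(k for k in set(kinds) if k in _INFO_ONLY)
        report[path] = (final_status(kinds), flags)
    return report


# Constructed inputs shaped like the script in post #3 and the log in post #4.
SAMPLE_SCRIPT = r""":files
C:\WINDOWS\system32\example1.dll
C:\WINDOWS\system32\example2.dll
C:\WINDOWS\system32\example3.dll
C:\WINDOWS\system32\gpx
:Commands
[EmptyTemp]
[Reboot]
"""

SAMPLE_LOG = r"""========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\example1.dll
C:\WINDOWS\system32\example1.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\example1.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\example2.dll
C:\WINDOWS\system32\example2.dll NOT unregistered.
C:\WINDOWS\system32\example2.dll moved successfully.
File/Folder C:\WINDOWS\system32\example3.dll not found.
File move failed. C:\WINDOWS\system32\gpx scheduled to be moved on reboot.
Files moved on Reboot...
File C:\WINDOWS\system32\example1.dll not found!
C:\WINDOWS\system32\gpx moved successfully.
"""

if __name__ == "__main__":
    for path, (status, flags) in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:<15} {path}", ", ".join(flags))
```

The "verify" verdict is the ycyytw.dll situation in the next post: queued for a move on reboot and then reported not found, so its absence should be checked rather than assumed.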

#4 rextrout

  • Topic Starter

Posted 30 November 2008 - 09:40 PM

Hello,

Thank you for your help. Below are the results for the OTMoveIt log (after rebooting). When I rebooted, I received several messages from OTMoveIt3 failing to start because perl58.dll was not found. Once I dismissed that message (several times) the computer finally rebooted. I am also receiving messages from my anti-virus program (Trend Micro PC-cillin). I assume that I should leave that running.

The Malwarebytes scan is still running. I will post that log (and a new RSIT log) once the scan completes.

Thank you again.

========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\ycyytw.dll
C:\WINDOWS\system32\ycyytw.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ycyytw.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\jtyugmav.dll
C:\WINDOWS\system32\jtyugmav.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\jtyugmav.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\vqqwvipi.ini moved successfully.
File/Folder C:\WINDOWS\system32\ipivwqqv.dll not found.
C:\WINDOWS\system32\lskpxdcs.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mdpbol.dll
C:\WINDOWS\system32\mdpbol.dll NOT unregistered.
C:\WINDOWS\system32\mdpbol.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\maacjgkg.dll
C:\WINDOWS\system32\maacjgkg.dll NOT unregistered.
C:\WINDOWS\system32\maacjgkg.dll moved successfully.
C:\WINDOWS\system32\4782cba9-.txt moved successfully.
C:\WINDOWS\system32\ELmmmnnn.ini2 moved successfully.
C:\WINDOWS\system32\ELmmmnnn.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnmmmLE.dll
C:\WINDOWS\system32\nnnmmmLE.dll NOT unregistered.
C:\WINDOWS\system32\nnnmmmLE.dll moved successfully.
C:\WINDOWS\system32\vkdlxdlfizshqra.exe moved successfully.
C:\WINDOWS\system32\gp2 moved successfully.
C:\WINDOWS\system32\x4 moved successfully.
C:\WINDOWS\system32\mp moved successfully.
C:\WINDOWS\system32\dim moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5f4010392d26de2972604a5df777f946\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\054a515a11c7920cfc4d7faea7af4932.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\0fdf6651ec58af7738a5f192a16308f3.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\1c4c331123ae5269fbd179de68e18722.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\33dea2ee1515e1c0eedfcd55d2d0540f.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\37dbb36b1afb4153f311e1937d13beb9.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\3dab63509796d9defe82e7c8f292cdc2.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\42111b2ff16ef6b9a300033651849df2.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\426234b03a6207e763a72e588f8ed8de.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\463172d63e5c347ebd2a2c9f3e30a769.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4698d6dad1d9192f189448cd2250e41c.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\480ac5427cb6705921c199c825f6feda.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4e2f70cf514e42eb8319b6c42723ed06.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\531074183cd92c8ee6e38095fed64379.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\563d7ead40b59c49009856a0b10f2014.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5665e9d91ffd5329b4b069811edd98e1.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\619eb23c53abde1a9d9d6b8d81ccd746.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\6b58dab08175faa9470d9b8f08345f77.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\776043a051266bed6315875a8a879b49.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\804a82b53759189a7786eee16508a628.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8715287e64467664fda73ee36a680ad6.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8d9ba91df5b696882e70aa59f4766acb.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\93e8018418e0dd3aeabcea5210c424d9.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\95e9a2327e375c6b6f41bca6adf49352.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\9e11e8cf40c66b8d30f95ce783f2ac0b.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\a507fccf2be25b878761a66bf411c201.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\abaa64637ebb3715a020574efc3032f8.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ad76515ff4d1de346e3888790190a3c0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b2a041897a5d2e9486f60c2f6017af23.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b44b56de153a5879c1b84993c5cdadfa.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b9a44d2e186e418b4f2cd47aed6ae729.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\baf7b671cd22e344218d4404c5715954.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bbd2dcfa51103025d57caa776bc1047b.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bd9a153164799d8be71e6a02e5c8cc4b.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c0bb48510a66e6fdcb5936be6801222d.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c537490a8d5597db7ef38c63a14dd378.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd36294c81a9e8872c0bc2638facfd15.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd6be9554293967a36ad1075b097a79b.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\df3d88a56622b79eb806b7ec6d5febc2.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e247dd11d21a2bfdb97ad0cdd295b32d.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e51718032942dd5fb4b1590be1ec8d83.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ea8f9cce13d067ab0d898ca399b403ed.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fa142febd5dc53f93f911452e1a99387.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fb2e449d6244301907de33f5adebdb35.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\~DF343B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib27 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib28 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib29 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib30 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib31 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\dxr1lxzx.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\dxr1lxzx.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\dxr1lxzx.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\dxr1lxzx.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_202724

Files moved on Reboot...
File C:\WINDOWS\system32\ycyytw.dll not found!
File C:\WINDOWS\system32\jtyugmav.dll not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5f4010392d26de2972604a5df777f946\perl58.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5f4010392d26de2972604a5df777f946\perl58.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5f4010392d26de2972604a5df777f946\perl58.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\054a515a11c7920cfc4d7faea7af4932.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\054a515a11c7920cfc4d7faea7af4932.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\054a515a11c7920cfc4d7faea7af4932.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\0fdf6651ec58af7738a5f192a16308f3.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\0fdf6651ec58af7738a5f192a16308f3.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\0fdf6651ec58af7738a5f192a16308f3.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\1c4c331123ae5269fbd179de68e18722.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\1c4c331123ae5269fbd179de68e18722.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\1c4c331123ae5269fbd179de68e18722.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\33dea2ee1515e1c0eedfcd55d2d0540f.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\33dea2ee1515e1c0eedfcd55d2d0540f.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\33dea2ee1515e1c0eedfcd55d2d0540f.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\37dbb36b1afb4153f311e1937d13beb9.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\37dbb36b1afb4153f311e1937d13beb9.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\37dbb36b1afb4153f311e1937d13beb9.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\3dab63509796d9defe82e7c8f292cdc2.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\3dab63509796d9defe82e7c8f292cdc2.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\3dab63509796d9defe82e7c8f292cdc2.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\42111b2ff16ef6b9a300033651849df2.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\42111b2ff16ef6b9a300033651849df2.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\42111b2ff16ef6b9a300033651849df2.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\426234b03a6207e763a72e588f8ed8de.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\426234b03a6207e763a72e588f8ed8de.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\426234b03a6207e763a72e588f8ed8de.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\463172d63e5c347ebd2a2c9f3e30a769.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\463172d63e5c347ebd2a2c9f3e30a769.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\463172d63e5c347ebd2a2c9f3e30a769.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4698d6dad1d9192f189448cd2250e41c.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4698d6dad1d9192f189448cd2250e41c.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4698d6dad1d9192f189448cd2250e41c.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\480ac5427cb6705921c199c825f6feda.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\480ac5427cb6705921c199c825f6feda.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\480ac5427cb6705921c199c825f6feda.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4e2f70cf514e42eb8319b6c42723ed06.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4e2f70cf514e42eb8319b6c42723ed06.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\4e2f70cf514e42eb8319b6c42723ed06.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\531074183cd92c8ee6e38095fed64379.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\531074183cd92c8ee6e38095fed64379.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\531074183cd92c8ee6e38095fed64379.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\563d7ead40b59c49009856a0b10f2014.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\563d7ead40b59c49009856a0b10f2014.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\563d7ead40b59c49009856a0b10f2014.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5665e9d91ffd5329b4b069811edd98e1.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5665e9d91ffd5329b4b069811edd98e1.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\5665e9d91ffd5329b4b069811edd98e1.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\619eb23c53abde1a9d9d6b8d81ccd746.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\619eb23c53abde1a9d9d6b8d81ccd746.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\619eb23c53abde1a9d9d6b8d81ccd746.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\6b58dab08175faa9470d9b8f08345f77.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\6b58dab08175faa9470d9b8f08345f77.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\6b58dab08175faa9470d9b8f08345f77.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\776043a051266bed6315875a8a879b49.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\776043a051266bed6315875a8a879b49.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\776043a051266bed6315875a8a879b49.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\804a82b53759189a7786eee16508a628.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\804a82b53759189a7786eee16508a628.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\804a82b53759189a7786eee16508a628.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8715287e64467664fda73ee36a680ad6.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8715287e64467664fda73ee36a680ad6.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8715287e64467664fda73ee36a680ad6.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8d9ba91df5b696882e70aa59f4766acb.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8d9ba91df5b696882e70aa59f4766acb.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\8d9ba91df5b696882e70aa59f4766acb.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\93e8018418e0dd3aeabcea5210c424d9.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\93e8018418e0dd3aeabcea5210c424d9.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\93e8018418e0dd3aeabcea5210c424d9.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\95e9a2327e375c6b6f41bca6adf49352.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\95e9a2327e375c6b6f41bca6adf49352.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\95e9a2327e375c6b6f41bca6adf49352.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\9e11e8cf40c66b8d30f95ce783f2ac0b.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\9e11e8cf40c66b8d30f95ce783f2ac0b.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\9e11e8cf40c66b8d30f95ce783f2ac0b.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\a507fccf2be25b878761a66bf411c201.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\a507fccf2be25b878761a66bf411c201.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\a507fccf2be25b878761a66bf411c201.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\abaa64637ebb3715a020574efc3032f8.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\abaa64637ebb3715a020574efc3032f8.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\abaa64637ebb3715a020574efc3032f8.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ad76515ff4d1de346e3888790190a3c0.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ad76515ff4d1de346e3888790190a3c0.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ad76515ff4d1de346e3888790190a3c0.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b2a041897a5d2e9486f60c2f6017af23.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b2a041897a5d2e9486f60c2f6017af23.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b2a041897a5d2e9486f60c2f6017af23.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b44b56de153a5879c1b84993c5cdadfa.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b44b56de153a5879c1b84993c5cdadfa.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b44b56de153a5879c1b84993c5cdadfa.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b9a44d2e186e418b4f2cd47aed6ae729.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b9a44d2e186e418b4f2cd47aed6ae729.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\b9a44d2e186e418b4f2cd47aed6ae729.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\baf7b671cd22e344218d4404c5715954.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\baf7b671cd22e344218d4404c5715954.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\baf7b671cd22e344218d4404c5715954.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bbd2dcfa51103025d57caa776bc1047b.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bbd2dcfa51103025d57caa776bc1047b.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bbd2dcfa51103025d57caa776bc1047b.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bd9a153164799d8be71e6a02e5c8cc4b.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bd9a153164799d8be71e6a02e5c8cc4b.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\bd9a153164799d8be71e6a02e5c8cc4b.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c0bb48510a66e6fdcb5936be6801222d.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c0bb48510a66e6fdcb5936be6801222d.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c0bb48510a66e6fdcb5936be6801222d.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c537490a8d5597db7ef38c63a14dd378.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c537490a8d5597db7ef38c63a14dd378.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c537490a8d5597db7ef38c63a14dd378.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd36294c81a9e8872c0bc2638facfd15.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd36294c81a9e8872c0bc2638facfd15.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd36294c81a9e8872c0bc2638facfd15.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd6be9554293967a36ad1075b097a79b.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd6be9554293967a36ad1075b097a79b.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\cd6be9554293967a36ad1075b097a79b.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\df3d88a56622b79eb806b7ec6d5febc2.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\df3d88a56622b79eb806b7ec6d5febc2.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\df3d88a56622b79eb806b7ec6d5febc2.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e247dd11d21a2bfdb97ad0cdd295b32d.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e247dd11d21a2bfdb97ad0cdd295b32d.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e247dd11d21a2bfdb97ad0cdd295b32d.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e51718032942dd5fb4b1590be1ec8d83.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e51718032942dd5fb4b1590be1ec8d83.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\e51718032942dd5fb4b1590be1ec8d83.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ea8f9cce13d067ab0d898ca399b403ed.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ea8f9cce13d067ab0d898ca399b403ed.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\ea8f9cce13d067ab0d898ca399b403ed.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fa142febd5dc53f93f911452e1a99387.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fa142febd5dc53f93f911452e1a99387.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fa142febd5dc53f93f911452e1a99387.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fb2e449d6244301907de33f5adebdb35.dll
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fb2e449d6244301907de33f5adebdb35.dll NOT unregistered.
C:\DOCUME~1\Mike\LOCALS~1\Temp\pdk-Mike\fb2e449d6244301907de33f5adebdb35.dll moved successfully.
C:\DOCUME~1\Mike\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\Mike\LOCALS~1\Temp\~DF343B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\ib27 not found!
File C:\WINDOWS\temp\ib28 not found!
File C:\WINDOWS\temp\ib29 not found!

#5 rextrout

Posted 30 November 2008 - 10:37 PM

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

11/30/2008 9:32:34 PM
mbam-log-2008-11-30 (21-32-34).txt

Scan type: Quick Scan
Objects scanned: 85153
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 20
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ogaxtrxu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fnbwzn.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3675a797-926b-40dd-a909-20a4235364f3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3675a797-926b-40dd-a909-20a4235364f3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtunljay (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ca10fd7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ni.gscns (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{10-0f-f7-78-dw} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temp\snapsnet (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fnbwzn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUnlJaY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogaxtrxu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uxrtxago.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fykqxwcx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqwkybsf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oustge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temp\winasnet.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temp\__7D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temp\snapsnet\dPI191065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temporary Internet Files\Content.IE5\0RJVA41D\152[1].net (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temporary Internet Files\Content.IE5\ODU3O1AJ\156[1].net (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Local Settings\Temporary Internet Files\Content.IE5\W12V4DA3\104[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hollis\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.

#6 rextrout

Posted 30 November 2008 - 10:38 PM

And here's the output of a new RSIT scan.

Thanks again, Sam.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-11-30 21:37:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:30 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2A8B959B-8F39-4BF9-ABC1-D88D78C452D7} - C:\WINDOWS\system32\nnnmmmLE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /A "C:\WINDOWS\system32\E_S716.tmp"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: www.e-rewards.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6A188E-3139-4631-9A50-87AA0FEE71F6}: NameServer = 68.94.156.1,68.94.157.1
O20 - AppInit_DLLs: fnbwzn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SqueezeCenter (squeezesvc) - Unknown owner - C:\Program Files\SqueezeCenter\server\squeezecenter.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9890 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8B959B-8F39-4BF9-ABC1-D88D78C452D7}]
C:\WINDOWS\system32\nnnmmmLE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
""= []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"OfotoNow USB Detection"=C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL [2002-11-05 77824]
"Aim6"= []
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="fnbwzn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmmmLE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Setup.exe"="E:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2008-11-30 20:35:18 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-11-30 20:35:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-30 20:35:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 20:28:43 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini2
2008-11-30 20:27:24 ----D---- C:\_OTMoveIt
2008-11-25 19:49:43 ----ASH---- C:\WINDOWS\system32\hvrnmgew.ini
2008-11-25 06:39:24 ----D---- C:\rsit
2008-11-24 08:39:13 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-23 15:23:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 15:20:59 ----D---- C:\Program Files\CCleaner
2008-11-23 14:34:48 ----D---- C:\WINDOWS\pss
2008-11-23 13:59:46 ----D---- C:\Program Files\Lavasoft
2008-11-23 13:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-23 10:39:55 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini
2008-11-23 10:35:00 ----D---- C:\Temp
2008-11-08 15:57:00 ----D---- C:\Program Files\Garmin GPS Plugin
2008-11-08 15:41:49 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-11-08 15:41:47 ----D---- C:\Documents and Settings\Mike\Application Data\GARMIN
2008-11-07 18:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 18:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-07 18:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 18:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 18:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 18:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 18:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 1 months======

2008-11-30 21:37:24 ----D---- C:\WINDOWS\Prefetch
2008-11-30 21:36:29 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 21:35:48 ----D---- C:\WINDOWS
2008-11-30 21:35:06 ----D---- C:\WINDOWS\Temp
2008-11-30 21:34:22 ----D---- C:\WINDOWS\Registration
2008-11-30 21:34:14 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-11-30 21:33:34 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 21:33:34 ----D---- C:\WINDOWS\system32
2008-11-30 21:32:34 ----D---- C:\Program Files
2008-11-30 15:36:46 ----RASH---- C:\boot.ini
2008-11-30 15:36:45 ----N---- C:\WINDOWS\system.ini
2008-11-30 15:36:45 ----A---- C:\WINDOWS\win.ini
2008-11-25 07:24:19 ----SHD---- C:\System Volume Information
2008-11-25 07:23:14 ----D---- C:\WINDOWS\system32\Restore
2008-11-24 20:14:03 ----D---- C:\Program Files\Quicken
2008-11-23 20:06:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 15:41:17 ----D---- C:\Program Files\Trend Micro
2008-11-23 15:21:46 ----D---- C:\WINDOWS\Debug
2008-11-23 14:01:55 ----SHD---- C:\WINDOWS\Installer
2008-11-23 14:01:48 ----SHD---- C:\Config.Msi
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files
2008-11-19 06:37:57 ----HD---- C:\WINDOWS\inf
2008-11-08 15:41:32 ----D---- C:\Garmin
2008-11-07 19:42:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 18:50:22 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-07 18:50:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 15:34:23 ----D---- C:\WINDOWS\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2004-07-20 16512]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-29 3712]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-08-16 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-08-16 1195448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2006-05-10 14976]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2008-03-03 4149248]
R2 squeezesvc;SqueezeCenter; C:\Program Files\SqueezeCenter\server\squeezecenter.exe [2008-03-03 8212565]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

#7 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 December 2008 - 09:26 AM

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

Viewpoint Manager
Viewpoint Media Player



=================


Copy the text below into OTMoveIt3 and click the MoveIt button just like you did before.

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8B959B-8F39-4BF9-ABC1-D88D78C452D7}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):"msv1_0"


:files
C:\WINDOWS\system32\ELmmmnnn.ini2
C:\WINDOWS\system32\hvrnmgew.ini
C:\WINDOWS\system32\ELmmmnnn.ini


Please post the resulting log from OTMoveit along with a new log from RSIT.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
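The OTMoveIt script above resets two persistence points that the RSIT registry dump exposes: the LSA "Authentication Packages" multi-string (which in the dump shows a second entry, C:\WINDOWS\system32\nnnmmmLE, after the default msv1_0) and the AppInit_DLLs value. The following Python is an added example, not part of the thread, RSIT or OTMoveIt: it parses an RSIT-style "Registry dump" and reports any authentication package other than msv1_0 and any DLL listed in AppInit_DLLs. The sample dump is constructed in RSIT's format; the AppInit_DLLs path in it is a placeholder, not something from the logs in this thread.

```python
"""Audit an RSIT 'Registry dump' for non-default LSA authentication packages
and for a populated AppInit_DLLs value (added example; not RSIT's own code)."""
import re

# Constructed sample in RSIT's dump format. The Lsa block mirrors the thread's
# log; the AppInit_DLLs path is a made-up placeholder for demonstration.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\WINDOWS\system32\example_appinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmmmLE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
# On Windows XP the stock value of Authentication Packages is just msv1_0.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def parse_dump(text):
    """Split an RSIT registry dump into {key_path: [value lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _lookup(sections, key):
    """Case-insensitive key lookup; RSIT mixes the casing of hive paths."""
    for k, lines in sections.items():
        if k.lower() == key.lower():
            return lines
    return []


def extra_auth_packages(sections):
    """Return LSA authentication packages beyond the default set.

    RSIT prints a multi-string value as '"name"=first' followed by one bare
    line per additional entry, which is exactly how the extra package in the
    thread's dump appears."""
    packages = []
    in_value = False
    for line in _lookup(sections, LSA_KEY):
        m = re.match(r'"authentication packages"=(.*)', line, re.IGNORECASE)
        if m:
            packages.append(m.group(1).strip())
            in_value = True
        elif in_value and not line.startswith('"'):
            packages.append(line)  # continuation entry of the multi-string
        else:
            in_value = False
    return [p for p in packages if p.lower() not in DEFAULT_AUTH_PACKAGES]


def appinit_dlls(sections):
    """Return the DLLs named in AppInit_DLLs (XP separates them by space or comma)."""
    for line in _lookup(sections, APPINIT_KEY):
        m = re.match(r'"AppInit_DLLs"=(.*)', line, re.IGNORECASE)
        if m:
            return [p for p in re.split(r"[ ,]+", m.group(1).strip()) if p]
    return []


def audit(text):
    """Human-readable findings for a dump; an empty list means both checks passed."""
    sections = parse_dump(text)
    findings = []
    for pkg in extra_auth_packages(sections):
        findings.append(f"LSA Authentication Packages has a non-default entry: {pkg}")
    for dll in appinit_dlls(sections):
        findings.append(f"AppInit_DLLs is set, so every user32-linked process loads: {dll}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print(finding)
```

Paste the "Registry dump" section of your own RSIT log in place of SAMPLE_DUMP; anything the script reports is what a helper would otherwise have to spot by eye, and a clean XP machine should yield no findings.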

#8 rextrout

  • Topic Starter

  • Members
  • 13 posts

Posted 01 December 2008 - 08:23 PM

1. Viewpoint Manager was not in the list of programs. I did uninstall ViewPoint Media Player.

2. OTMoveIt3 becomes unresponsive after hitting the MoveIt button. It responds with 4 lines in the "results" section...because I can't scroll all the way right, I can't quite see the whole message, but here's what I can see:

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7 (truncated)
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a8B959B-8F39-4BF9-ABC1 (truncated)
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet\\ not found
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInInit_DLLS not found.

It also looks like the text I pasted on the left side (under "Paste Instructions") changes after hitting MoveIt.

3. And here's the latest output from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-12-01 19:21:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:32 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Mike\Desktop\OTMoveIt3.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /P22 "EPSON Stylus Photo 900" /O6 "USB001" /M "Stylus Photo 900"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [EPSON Stylus Photo 900] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE /A "C:\WINDOWS\system32\E_S716.tmp"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: www.e-rewards.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6A188E-3139-4631-9A50-87AA0FEE71F6}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SqueezeCenter (squeezesvc) - Unknown owner - C:\Program Files\SqueezeCenter\server\squeezecenter.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9544 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
""= []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-05-10 94208]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"OfotoNow USB Detection"=C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL [2002-11-05 77824]
"Aim6"= []
"EPSON Stylus Photo 900"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE [2002-12-10 75776]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
SqueezeCenter Tray Tool.lnk - C:\Program Files\SqueezeCenter\SqueezeTray.exe

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmmmLE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Setup.exe"="E:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\EasyShare\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2008-11-30 20:35:18 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-11-30 20:35:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-30 20:35:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 20:28:43 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini2
2008-11-30 20:27:24 ----D---- C:\_OTMoveIt
2008-11-25 19:49:43 ----ASH---- C:\WINDOWS\system32\hvrnmgew.ini
2008-11-25 06:39:24 ----D---- C:\rsit
2008-11-24 08:39:13 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-23 15:23:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 15:20:59 ----D---- C:\Program Files\CCleaner
2008-11-23 14:34:48 ----D---- C:\WINDOWS\pss
2008-11-23 13:59:46 ----D---- C:\Program Files\Lavasoft
2008-11-23 13:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-23 10:39:55 ----ASH---- C:\WINDOWS\system32\ELmmmnnn.ini
2008-11-23 10:35:00 ----D---- C:\Temp
2008-11-08 15:57:00 ----D---- C:\Program Files\Garmin GPS Plugin
2008-11-08 15:41:49 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-11-08 15:41:47 ----D---- C:\Documents and Settings\Mike\Application Data\GARMIN
2008-11-07 18:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 18:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-07 18:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 18:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 18:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 18:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 18:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 1 months======

2008-12-01 19:16:18 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 19:16:02 ----D---- C:\WINDOWS\Prefetch
2008-12-01 19:10:08 ----D---- C:\WINDOWS
2008-12-01 19:09:29 ----D---- C:\WINDOWS\Temp
2008-12-01 19:09:13 ----D---- C:\WINDOWS\Registration
2008-12-01 19:09:05 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-12-01 19:07:16 ----RASH---- C:\boot.ini
2008-12-01 19:07:16 ----N---- C:\WINDOWS\system.ini
2008-12-01 19:07:16 ----A---- C:\WINDOWS\win.ini
2008-12-01 19:02:25 ----D---- C:\Program Files
2008-11-30 21:33:34 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 21:33:34 ----D---- C:\WINDOWS\system32
2008-11-25 07:24:19 ----SHD---- C:\System Volume Information
2008-11-25 07:23:14 ----D---- C:\WINDOWS\system32\Restore
2008-11-24 20:14:03 ----D---- C:\Program Files\Quicken
2008-11-23 20:06:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 15:41:17 ----D---- C:\Program Files\Trend Micro
2008-11-23 15:21:46 ----D---- C:\WINDOWS\Debug
2008-11-23 14:01:55 ----SHD---- C:\WINDOWS\Installer
2008-11-23 14:01:48 ----SHD---- C:\Config.Msi
2008-11-23 13:56:36 ----D---- C:\Program Files\Common Files
2008-11-19 06:37:57 ----HD---- C:\WINDOWS\inf
2008-11-08 15:41:32 ----D---- C:\Garmin
2008-11-07 19:42:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 18:50:22 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-07 18:50:19 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2004-07-20 16512]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-03 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-29 3712]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-08-16 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-08-16 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-08-16 1195448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2006-05-10 14976]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2008-03-03 4149248]
R2 squeezesvc;SqueezeCenter; C:\Program Files\SqueezeCenter\server\squeezecenter.exe [2008-03-03 8212565]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Edited by rextrout, 01 December 2008 - 08:46 PM.


#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 December 2008 - 02:20 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 rextrout
  • Topic Starter
  • Members
  • 13 posts

Posted 02 December 2008 - 08:00 AM

Here's the log.

ComboFix 08-12-01.01 - Mike 2008-12-02 6:37:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1386 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hollis\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Hollis\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Mike\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\system32\ELmmmnnn.ini
c:\windows\system32\ELmmmnnn.ini2
c:\windows\system32\hvrnmgew.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\documents and settings\Mike\Application Data\Malwarebytes
2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 20:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 20:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 20:27 . 2008-11-30 20:27 <DIR> d-------- C:\_OTMoveIt
2008-11-25 06:39 . 2008-11-25 07:31 <DIR> d-------- C:\rsit
2008-11-24 10:51 . 2008-11-30 21:32 <DIR> d-------- c:\documents and settings\Hollis\Application Data\Twain
2008-11-23 15:20 . 2008-11-23 15:21 <DIR> d-------- c:\program files\CCleaner
2008-11-23 13:59 . 2008-11-23 13:59 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 13:59 . 2008-11-23 14:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-23 13:56 . 2008-11-23 13:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 10:35 . 2008-11-23 10:35 <DIR> d-------- c:\temp\FT62
2008-11-23 10:35 . 2008-12-02 06:38 <DIR> d-------- C:\Temp
2008-11-23 10:34 . 2008-11-23 11:06 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-23 10:34 . 2008-11-23 11:06 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 10:34 . 2008-11-23 11:06 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-08 15:57 . 2008-11-08 15:57 <DIR> d-------- c:\program files\Garmin GPS Plugin
2008-11-08 15:41 . 2008-11-08 15:41 <DIR> d-------- c:\documents and settings\Mike\Application Data\GARMIN
2008-11-08 15:41 . 2008-11-08 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\GARMIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-25 02:14 --------- d-----w c:\program files\Quicken
2008-11-23 21:41 --------- d-----w c:\program files\Trend Micro
2008-10-03 01:26 --------- d-----w c:\program files\BroadJump
2007-11-07 17:47 11,363,115 ----a-w c:\program files\uedit32.zip
2007-10-19 18:28 11,391,880 ----a-w c:\program files\uesetup.exe
2008-03-23 22:32 88 --sh--r c:\windows\system32\34015D7FEC.sys
2006-11-15 02:37 56 --sh--r c:\windows\system32\EC7F5D0134.sys
2008-03-23 22:32 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"EPSON Stylus Photo 900"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE" [2002-12-10 75776]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus Photo 900"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE" [2002-12-10 75776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-03 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-06-25 593920]
SqueezeCenter Tray Tool.lnk - c:\program files\SqueezeCenter\SqueezeTray.exe [2008-03-30 1740887]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EasyShare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-07-31 3712]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL []
R2 squeezesvc;SqueezeCenter;"c:\program files\SqueezeCenter\server\squeezecenter.exe" [2008-03-30 8212565]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\dxr1lxzx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.boingboing.net/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 06:42:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe
.
**************************************************************************
.
Completion time: 2008-12-02 6:49:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 12:49:08

Pre-Run: 90,056,355,840 bytes free
Post-Run: 90,456,080,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

193 --- E O F --- 2008-11-08 00:50:25

#11 rextrout
  • Topic Starter
  • Members
  • 13 posts

Posted 03 December 2008 - 08:54 AM

Hi Sam. What's next? Or are we done? Really appreciate your help so far.

#12 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 December 2008 - 09:14 AM

Sorry for the delay, I got a little backed up. :thumbsup:

I see just a few more files that we need to remove.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
 c:\temp\FT62

File::
c:\windows\system32\MSINET.OCX
c:\windows\system32\MSINET.oca
c:\windows\system32\MSINET.DEP

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



How is your computer behaving now?
Any problems?
========================================================

#13 rextrout
  • Topic Starter
  • Members
  • 13 posts

Posted 03 December 2008 - 07:53 PM

Based on just a few minutes of use, the computer seems to be ok so far. No unwarranted browser windows yet. Trend Micro Pc-cillin updated automatically after I reactivated it. Hope that was ok.

Let me know what's next...MANY THANKS.

Here's the combofix log.

ComboFix 08-12-01.01 - Mike 2008-12-03 18:37:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1423 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\MSINET.DEP
c:\windows\system32\MSINET.oca
c:\windows\system32\MSINET.OCX
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\system32\MSINET.DEP
c:\windows\system32\MSINET.oca
c:\windows\system32\MSINET.OCX

.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\documents and settings\Mike\Application Data\Malwarebytes
2008-11-30 20:35 . 2008-11-30 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 20:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 20:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 20:27 . 2008-11-30 20:27 <DIR> d-------- C:\_OTMoveIt
2008-11-25 06:39 . 2008-11-25 07:31 <DIR> d-------- C:\rsit
2008-11-24 10:51 . 2008-11-30 21:32 <DIR> d-------- c:\documents and settings\Hollis\Application Data\Twain
2008-11-23 15:20 . 2008-11-23 15:21 <DIR> d-------- c:\program files\CCleaner
2008-11-23 13:59 . 2008-11-23 13:59 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 13:59 . 2008-11-23 14:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-23 13:56 . 2008-11-23 13:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 10:35 . 2008-12-03 18:37 <DIR> d-------- C:\Temp
2008-11-08 15:57 . 2008-11-08 15:57 <DIR> d-------- c:\program files\Garmin GPS Plugin
2008-11-08 15:41 . 2008-11-08 15:41 <DIR> d-------- c:\documents and settings\Mike\Application Data\GARMIN
2008-11-08 15:41 . 2008-11-08 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\GARMIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-25 02:14 --------- d-----w c:\program files\Quicken
2008-11-23 21:41 --------- d-----w c:\program files\Trend Micro
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 01:23 155,995 ----a-w c:\windows\java\Packages\G0JTVPR7.ZIP
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2007-11-07 17:47 11,363,115 ----a-w c:\program files\uedit32.zip
2007-10-19 18:28 11,391,880 ----a-w c:\program files\uesetup.exe
2008-03-23 22:32 88 --sh--r c:\windows\system32\34015D7FEC.sys
2006-11-15 02:37 56 --sh--r c:\windows\system32\EC7F5D0134.sys
2008-03-23 22:32 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"EPSON Stylus Photo 900"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE" [2002-12-10 75776]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus Photo 900"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE" [2002-12-10 75776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-03 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-06-25 593920]
SqueezeCenter Tray Tool.lnk - c:\program files\SqueezeCenter\SqueezeTray.exe [2008-03-30 1740887]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EasyShare\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-07-31 3712]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL []
R2 squeezesvc;SqueezeCenter;"c:\program files\SqueezeCenter\server\squeezecenter.exe" [2008-03-30 8212565]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 18:40:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-03 18:40:52
ComboFix-quarantined-files.txt 2008-12-04 00:40:40
ComboFix2.txt 2008-12-02 12:49:12

Pre-Run: 94,618,705,920 bytes free
Post-Run: 94,604,886,016 bytes free

156 --- E O F --- 2008-11-08 00:50:25

#14 rextrout
  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 03 December 2008 - 09:59 PM

Update:

Not all is well. Trend Micro's real time scan identified Vundo Trojan in C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP756\A0061261.dll. It was successfully quarantined.

#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:32 AM

Posted 04 December 2008 - 03:16 PM

No worries. That's just in your system restore files. Easy enough to fix.

Flush your system restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in system restore is booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


Are you having any other issues?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
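The flush-and-recreate procedure above, as an added example that is not part of Buckeye_Sam's post: the same steps run from an elevated Windows PowerShell prompt on Windows 7 or later, with a before/after listing so you can confirm the old restore points (and anything quarantined inside System Volume Information) are really gone. Windows XP, which this thread concerns, does not have these cmdlets, so the GUI steps above apply there; the drive letter and checkpoint description are assumptions.

```powershell
# Added example, not code from the thread. Run as Administrator in Windows PowerShell
# on Windows 7 or later; assumes System Restore is managed on the system drive only.
$drive = "$env:SystemDrive\"   # normally "C:\"

function Get-RestorePointSummary {
    # Returns the restore points that currently exist, oldest first.
    Get-ComputerRestorePoint |
        Sort-Object CreationTime |
        Select-Object SequenceNumber, Description, CreationTime
}

Write-Host "Restore points before flush:"
Get-RestorePointSummary | Format-Table -AutoSize

# Step 1: turning System Restore off for the drive discards every existing
# restore point, including any file that was copied into
# System Volume Information\_restore{...}\RPnnn along with a restore point.
Disable-ComputerRestore -Drive $drive

# Step 2: turn it back on so future checkpoints are taken again.
Enable-ComputerRestore -Drive $drive

# Step 3: create a known-clean baseline right away (assumed description).
# Caveat: Windows 8 and later create at most one checkpoint per 24 hours unless
# SystemRestorePointCreationFrequency under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is lowered,
# so this call is silently skipped if a checkpoint was made recently.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# Verification: only the new baseline should be listed here.
Write-Host "Restore points after flush:"
Get-RestorePointSummary | Format-Table -AutoSize
```

If the "after" listing still shows older sequence numbers, the disable step did not take effect on that drive and the GUI steps above should be repeated.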

