Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with vundo and other adware/malware


  • This topic is locked This topic is locked
2 replies to this topic

#1 HHMenace

HHMenace

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 26 November 2008 - 07:06 PM

Hello, I think I am infected with vundo and other malwares. I read previous posts and used the combofix program and it cleaned most of the serious ones away but I think I still have a few left that it didn't clean. I am doing the kaspersky online scan right now and it shows that I have 4 infected objects. Here is my HijackThis & RSIT log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:38 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\EMS Free Surfer Companion\fs30.exe
C:\Program Files\TopDesk\topdesk.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\VistaDrive\VistaDrive.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Documents and Settings\HipHopMenace.HIPHOPME-82533D\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\EMS Free Surfer Companion\fs30.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS.0\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O20 - AppInit_DLLs: gusiul.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8354 bytes




Logfile of random's system information tool 1.04 (written by random/random)
Run by HipHopMenace at 2008-11-26 21:42:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 225 GB (74%) free of 305 GB
Total RAM: 2046 MB (71% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2006-02-17 270336]
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe [2006-11-13 363008]
"CTAPR2"=C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe [2007-01-16 57344]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2007-04-17 184320]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"freesurfer"=C:\Program Files\EMS Free Surfer Companion\fs30.exe [2005-02-15 929792]
"DeadAIM"=C:\Program Files\AIM\\DeadAIM.ocm [2008-02-16 144896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]
"RTHDCPL"=C:\WINDOWS.0\RTHDCPL.EXE [2006-11-14 16270848]
"VistaDrive"=C:\WINDOWS.0\VistaDrive\VistaDrive.exe [2006-10-05 280779]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"D-Link AirPlus XtremeG DWL-G520"=C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe [2007-06-27 1327104]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"=C:\Program Files\Creative\Shared Files\CTSched.exe [2006-11-17 53341]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="gusiul.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS.0\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-26 21:42:10 ----D---- C:\rsit
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\wnicapi.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\WlanApp.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\odSupp_M.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\JJAKEn.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\AQCKGen.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\ANIWZCS2.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\ANICtl.dll
2008-11-26 21:29:07 ----A---- C:\WINDOWS.0\system32\aIPH.dll
2008-11-26 21:28:56 ----D---- C:\Program Files\ANI
2008-11-26 21:28:56 ----A---- C:\WINDOWS.0\system32\ANIOApi.dll
2008-11-26 21:28:48 ----D---- C:\WINDOWS.0\LastGood
2008-11-26 21:28:46 ----D---- C:\Program Files\D-Link
2008-11-26 17:19:39 ----A---- C:\WINDOWS.0\resetlog.txt
2008-11-26 16:30:15 ----D---- C:\Documents and Settings\HipHopMenace.HIPHOPME-82533D\Application Data\Malwarebytes
2008-11-26 16:30:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-26 16:30:07 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-11-26 12:08:17 ----D---- C:\WINDOWS.0\pss
2008-11-26 11:36:47 ----A---- C:\WINDOWS.0\gmer.ini
2008-11-26 11:36:46 ----A---- C:\WINDOWS.0\gmer_uninstall.cmd
2008-11-26 11:36:46 ----A---- C:\WINDOWS.0\gmer.exe
2008-11-26 11:36:46 ----A---- C:\WINDOWS.0\gmer.dll
2008-11-26 11:36:33 ----SHD---- C:\RECYCLER
2008-11-26 11:32:11 ----D---- C:\ComboFix
2008-11-26 11:29:30 ----D---- C:\WINDOWS.0\temp
2008-11-26 11:29:29 ----A---- C:\ComboFix.txt
2008-11-26 11:23:36 ----A---- C:\Boot.bak
2008-11-26 11:23:30 ----RASHD---- C:\cmdcons
2008-11-26 11:22:21 ----D---- C:\WINDOWS.0\ERDNT
2008-11-26 10:45:22 ----A---- C:\VundoFix.txt
2008-11-25 18:14:11 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
2008-11-25 18:14:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-25 18:14:00 ----D---- C:\Documents and Settings\HipHopMenace.HIPHOPME-82533D\Application Data\SUPERAntiSpyware.com
2008-11-25 12:39:18 ----D---- C:\Program Files\Enigma Software Group
2008-11-25 12:07:01 ----SHD---- C:\WINDOWS.0\S2V2aW4
2008-11-23 15:19:26 ----A---- C:\WINDOWS.0\system32\a3116e73-.txt
2008-11-20 21:20:29 ----D---- C:\WINDOWS.0\Easy Rapidshare Points
2008-11-15 07:53:30 ----HDC---- C:\WINDOWS.0\$NtUninstallKB957097$
2008-11-15 07:53:27 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954459$
2008-11-15 07:53:21 ----HDC---- C:\WINDOWS.0\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-11-26 21:41:47 ----D---- C:\WINDOWS.0\Prefetch
2008-11-26 21:35:56 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 21:33:39 ----D---- C:\Documents and Settings
2008-11-26 21:32:21 ----SHD---- C:\WINDOWS.0\Installer
2008-11-26 21:32:21 ----D---- C:\WINDOWS.0
2008-11-26 21:32:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-26 21:32:18 ----RD---- C:\Program Files
2008-11-26 21:32:18 ----D---- C:\WINDOWS.0\system32\drivers
2008-11-26 21:32:18 ----D---- C:\WINDOWS.0\system32
2008-11-26 21:32:18 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft
2008-11-26 21:29:54 ----AC---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2008-11-26 21:29:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-26 21:28:48 ----HD---- C:\WINDOWS.0\inf
2008-11-26 21:28:48 ----D---- C:\WINDOWS.0\system32\CatRoot
2008-11-26 21:28:48 ----D---- C:\WINDOWS.0\security
2008-11-26 21:26:11 ----D---- C:\WINDOWS.0\system32\CatRoot2
2008-11-26 21:26:05 ----AC---- C:\WINDOWS.0\iTouch.ini
2008-11-26 21:24:51 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2008-11-26 17:23:22 ----D---- C:\WINDOWS.0\system32\dllcache
2008-11-26 17:21:37 ----D---- C:\Program Files\TopDesk
2008-11-26 14:51:34 ----SHD---- C:\System Volume Information
2008-11-26 14:51:34 ----D---- C:\WINDOWS.0\system32\Restore
2008-11-26 14:46:19 ----D---- C:\Program Files\Thoosje Sidebar V2.3
2008-11-26 11:27:08 ----A---- C:\WINDOWS.0\system.ini
2008-11-26 11:25:30 ----D---- C:\WINDOWS.0\system32\config
2008-11-26 11:24:57 ----D---- C:\WINDOWS.0\AppPatch
2008-11-26 11:24:57 ----D---- C:\Program Files\Common Files
2008-11-26 11:23:36 ----RASH---- C:\boot.ini
2008-11-25 18:14:03 ----SD---- C:\Documents and Settings\HipHopMenace.HIPHOPME-82533D\Application Data\Microsoft
2008-11-25 13:12:07 ----SD---- C:\WINDOWS.0\Tasks
2008-11-25 12:30:15 ----D---- C:\WINDOWS.0\Debug
2008-11-25 12:28:19 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Viewpoint
2008-11-25 12:28:11 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Corporation
2008-11-25 12:25:42 ----D---- C:\Program Files\Common Files\AVSMedia
2008-11-25 12:25:40 ----D---- C:\Program Files\AVS4YOU
2008-11-25 12:24:44 ----RSD---- C:\WINDOWS.0\Fonts
2008-11-24 22:06:51 ----D---- C:\Program Files\FlashGet
2008-11-24 22:04:11 ----AC---- C:\WINDOWS.0\NeroDigital.ini
2008-11-16 22:23:50 ----D---- C:\Documents and Settings\HipHopMenace.HIPHOPME-82533D\Application Data\Aim
2008-11-16 08:55:59 ----D---- C:\Program Files\PokerStars
2008-11-15 07:53:30 ----HD---- C:\WINDOWS.0\$hf_mig$
2008-11-15 07:53:12 ----D---- C:\WINDOWS.0\WinSxS
2008-11-14 10:37:28 ----D---- C:\WINDOWS.0\Help
2008-11-03 16:10:25 ----AC---- C:\WINDOWS.0\system32\MRT.exe
2008-10-27 09:46:23 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS.0\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 intelppm;Intel Processor Driver; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS.0\system32\ANIO.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS.0\system32\drivers\PfModNT.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.0\system32\DRIVERS\rspndr.sys [2007-01-01 62336]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS.0\system32\DRIVERS\A3AB.sys [2007-05-24 547744]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\DRIVERS\ctsfm2k.sys [2005-12-07 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS.0\system32\drivers\ctusfsyn.sys [2007-02-26 171008]
R3 gmer;gmer; C:\WINDOWS.0\System32\DRIVERS\gmer.sys [2008-11-26 85969]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS.0\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2007-01-01 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2006-11-14 4225920]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS.0\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS.0\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2007-01-01 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS.0\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS.0\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS.0\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\DRIVERS\ctoss2k.sys [2005-12-07 114688]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 t3;SB Xtreme Audio Notebook; C:\WINDOWS.0\system32\drivers\t3.sys [2007-06-18 735744]
R3 t3filt;t3filt; C:\WINDOWS.0\system32\drivers\t3filt.sys [2007-08-19 1656960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS.0\system32\drivers\NSDriver.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS.0\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS.0\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS.0\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS.0\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-05-12 540672]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-17 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-02-17 127035]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-02-17 61503]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-05-12 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-13 14336]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-19 654848]
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-02-17 139264]

-----------------EOF-----------------

Edited by HHMenace, 27 November 2008 - 12:43 AM.


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 13 December 2008 - 06:02 AM

Hello.. Sorry of our late reply.. If you still need our help, please run RSIT again and post the fresh RSIT log.txt here for my review..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 18 December 2008 - 10:39 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users