Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

intervalhehehe virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 friscobite

friscobite

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:38 PM

Posted 04 December 2008 - 12:35 AM

i downloaded an infected copy of winrar and my computer was infected with the intervalheheheh trojan. I've used AVG and various other malware removal software, but im still having issues with Firefox browser opening with Chinese font. if you try to go to google or yahoo or other search engines it pops up a phony microsoft website. anyway i know i'm being redunant in my word's as other's have posted the same issues. i've pasted a copy of the file log from hijackthis. can someone look these over and tell me what areas i've missed if any. i'm almost to the point of crashing the whole system and doing a clean install of windows. thanks for any assistance.
Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-03 23:20:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 1279 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:48 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206765517897
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6084 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-03 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-01-31 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-01-31 450560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2004-07-14 57344]
"LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2002-05-08 32768]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-02-08 95800]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-30 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe"="C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe:*:Enabled:Belkin Wireless Utility"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1f98330-c0db-11dd-a9ad-00804529b6af}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b5b420-b9a8-11dc-a8a0-00804529b6af}]
shell\AutoRun\command - E:\Autorun.exe /run
shell\Shell00\command - E:\Autorun.exe /run
shell\Shell01\command - E:\Autorun.exe /action
shell\Shell02\command - E:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2008-12-03 23:20:30 ----D---- C:\rsit
2008-12-03 22:43:59 ----D---- C:\Program Files\Trend Micro
2008-12-03 22:41:17 ----SHD---- C:\RECYCLER
2008-12-03 21:32:15 ----A---- C:\ComboFix.txt
2008-12-03 21:28:33 ----A---- C:\Boot.bak
2008-12-03 21:28:22 ----RASHD---- C:\cmdcons
2008-12-03 21:26:42 ----A---- C:\WINDOWS\zip.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\VFIND.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\SWSC.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\SWREG.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\sed.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\grep.exe
2008-12-03 21:26:42 ----A---- C:\WINDOWS\fdsv.exe
2008-12-03 21:26:34 ----D---- C:\WINDOWS\ERDNT
2008-12-03 21:26:34 ----D---- C:\Qoobox
2008-12-03 10:13:31 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 09:09:52 ----HD---- C:\$AVG8.VAULT$
2008-12-03 09:00:14 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-03 08:59:49 ----D---- C:\Documents and Settings\user\Application Data\AVGTOOLBAR
2008-12-03 08:59:23 ----D---- C:\Program Files\AVG
2008-12-03 08:59:23 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-02 21:17:34 ----D---- C:\Program Files\Common Files\Scanner
2008-12-02 19:45:02 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-02 19:44:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 19:44:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 19:42:34 ----D---- C:\Documents and Settings\user\Application Data\U3
2008-12-02 18:12:44 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 18:12:44 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 18:12:44 ----A---- C:\WINDOWS\system32\java.exe
2008-12-02 18:12:44 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 17:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-24 17:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-24 17:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 10:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-14 10:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 21:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 21:34:52 ----D---- C:\WINDOWS\Prefetch
2008-11-13 21:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-13 21:30:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-13 21:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-13 21:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-13 21:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-13 21:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-13 21:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-13 21:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-13 21:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-13 21:29:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-13 21:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-13 21:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-13 21:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-13 21:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-13 21:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-13 21:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-13 21:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-13 21:18:33 ----D---- C:\Program Files\Messenger
2008-11-13 21:17:45 ----D---- C:\WINDOWS\system32\scripting
2008-11-13 21:17:43 ----D---- C:\WINDOWS\l2schemas
2008-11-13 21:17:42 ----D---- C:\WINDOWS\system32\en
2008-11-13 21:17:42 ----D---- C:\Program Files\msn
2008-11-13 21:17:41 ----D---- C:\WINDOWS\system32\bits
2008-11-13 21:10:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-13 21:03:18 ----D---- C:\WINDOWS\network diagnostic
2008-11-13 20:55:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

======List of files/folders modified in the last 1 months======

2008-12-03 23:20:48 ----D---- C:\WINDOWS\Temp
2008-12-03 23:08:33 ----SD---- C:\WINDOWS\Tasks
2008-12-03 23:04:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 22:43:59 ----RD---- C:\Program Files
2008-12-03 22:41:18 ----D---- C:\WINDOWS
2008-12-03 22:32:53 ----D---- C:\Program Files\Registry Mechanic
2008-12-03 22:32:47 ----SHD---- C:\WINDOWS\Installer
2008-12-03 22:32:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-03 22:32:45 ----D---- C:\WINDOWS\security
2008-12-03 22:32:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 22:32:43 ----D---- C:\WINDOWS\system32
2008-12-03 21:30:55 ----A---- C:\WINDOWS\system.ini
2008-12-03 21:29:58 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 21:29:57 ----D---- C:\WINDOWS\AppPatch
2008-12-03 21:29:57 ----D---- C:\Program Files\Common Files
2008-12-03 21:28:33 ----RASH---- C:\boot.ini
2008-12-03 21:26:41 ----SHD---- C:\System Volume Information
2008-12-03 21:26:41 ----D---- C:\WINDOWS\system32\Restore
2008-12-03 10:18:04 ----D---- C:\Documents and Settings
2008-12-03 08:59:21 ----D---- C:\WINDOWS\WinSxS
2008-12-03 08:59:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 08:58:33 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-12-03 08:50:47 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2008-12-03 06:39:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 06:38:45 ----HD---- C:\WINDOWS\inf
2008-12-02 18:11:57 ----D---- C:\Program Files\Java
2008-12-02 18:06:48 ----D---- C:\WINDOWS\Help
2008-12-02 16:49:15 ----D---- C:\WINDOWS\system32\config
2008-12-02 16:48:58 ----D---- C:\WINDOWS\system32\wbem
2008-12-02 16:48:57 ----D---- C:\WINDOWS\Registration
2008-11-27 09:26:09 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-24 17:37:25 ----A---- C:\WINDOWS\imsins.BAK
2008-11-24 17:37:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 11:21:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 21:36:52 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-13 21:35:34 ----A---- C:\WINDOWS\setuplog.txt
2008-11-13 21:33:59 ----D---- C:\WINDOWS\system32\Setup
2008-11-13 21:33:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-13 21:18:17 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-13 21:18:16 ----D---- C:\WINDOWS\ime
2008-11-13 21:17:46 ----D---- C:\WINDOWS\system32\usmt
2008-11-13 21:17:46 ----D---- C:\WINDOWS\system32\en-us
2008-11-13 21:17:43 ----D---- C:\Program Files\Internet Explorer
2008-11-13 21:17:41 ----D---- C:\WINDOWS\PeerNet
2008-11-13 21:17:41 ----D---- C:\Program Files\Movie Maker
2008-11-13 21:09:52 ----D---- C:\WINDOWS\system32\npp
2008-11-13 21:09:52 ----D---- C:\WINDOWS\mui
2008-11-13 21:09:46 ----D---- C:\WINDOWS\msagent
2008-11-13 21:09:35 ----D---- C:\WINDOWS\srchasst
2008-11-13 21:09:29 ----D---- C:\Program Files\NetMeeting
2008-11-13 21:09:21 ----D---- C:\WINDOWS\system32\Com
2008-11-13 21:08:55 ----D---- C:\Program Files\Windows Media Player
2008-11-13 21:08:54 ----D---- C:\Program Files\Windows NT
2008-11-13 21:08:54 ----D---- C:\Program Files\Outlook Express
2008-11-13 21:08:41 ----D---- C:\Program Files\Common Files\System
2008-11-13 21:07:05 ----D---- C:\WINDOWS\system32\oobe
2008-11-13 21:06:57 ----D---- C:\WINDOWS\system
2008-11-13 21:00:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-13 20:55:17 ----D---- C:\WINDOWS\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-11 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2002-01-31 251120]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-30 1540608]
R3 BLKWGN;Belkin Wireless G Notebook Card Service; C:\WINDOWS\system32\DRIVERS\BLKWGN.sys [2005-06-01 463872]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HOTKEY;Panasonic Hotkey Driver; C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2002-07-29 8576]
R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-05-08 808939]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\wlanndi5.SYS []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\combofix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2005-11-23 16512]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2006-04-04 13824]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter; C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter; C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2006-06-14 29184]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XPAD910;XPADFilter Service 910; C:\WINDOWS\system32\DRIVERS\xpad910.sys [2006-02-07 29405]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-05-04 36864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-30 413696]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-03 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-03 23:20:52

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin Wireless Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1C523473-52A7-4548-9EA4-AEFBE085B407}
CNetX Flash Format-->"C:\Program Files\Microsoft ActiveSync\CNetX\Flash Format\uInstall.exe" C:\Program Files\Microsoft ActiveSync\CNetX\Flash Format\FLSH4MAT.uil
Curitel PC Card Software-->C:\Program Files\CURITEL\Curitel PC Card\PWI_Uninstall.exe
e-Sword-->MsiExec.exe /I{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Game Elements GGE910 Wireless PC Control Pad-->C:\PROGRA~1\GAMEEL~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lucent Technologies Soft Modem AMR-->ltremove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mouse Suite-->PMUninst.exe MouseSuite98
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Oce im2830 Series Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43D04577-3193-40FF-8021-B75FF252EB05}\SETUP.EXE" -l0x9
OLYMPUS Master 2-->MsiExec.exe /X{CB49B376-1136-44B4-83FA-036334B59937}
Pocket e-Sword (2003)-->MsiExec.exe /I{3B012053-6771-48DD-A5F2-1BDB43B3B7A6}
PocketNester-->C:\Program Files\Microsoft ActiveSync\PocketNester\Uninstall.exe PocketNester
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Super Mario Bros. Screensaver-->C:\Program Files\V2W\Super Mario Bros.\Uninstall.exe
Synaptics TouchPad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tabasco Dance Hall Screen Saver-->C:\WINDOWS\Tabasco Dance Hall.scr /u
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60311
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:38 PM

Posted 15 December 2008 - 04:39 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:38 PM

Posted 20 December 2008 - 04:59 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users